Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-38890: GitHub - akshadjoshi/CVE-2023-38890: poc

Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.

CVE
Open in Source
#sql#vulnerability#linux#git#php#auth
CVE-2023-4407

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511.

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack

While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTS (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network.  Just recently, an attack believed to be perpetrated by the Chinese hacker group

GHSA-9v66-9239-cqv2: Jeecg-boot SQL Injection vulnerability

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the `Benchmark`, `PG_Sleep`, `DBMS_Lock.Sleep`, `Waitfor`, `DECODE`, and `DBMS_PIPE.RECEIVE_MESSAGE` functions.

CVE-2023-31943: BugReport/php/Online-Travel-Agency-System/bug6-SQL-Injection-ticket_id.md at main · DiliLearngent/BugReport

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.

CVE-2023-31944: BugReport/php/Online-Travel-Agency-System/bug3-SQL-Injection-emp_id2.md at main · DiliLearngent/BugReport

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php.

CVE-2023-31945: BugReport/php/Online-Travel-Agency-System/bug5-SQL-Injection-id.md at main · DiliLearngent/BugReport

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php.

CVE-2023-31938: BugReport/php/Online-Travel-Agency-System/bug2-SQL-Injection-emp_id.md at main · DiliLearngent/BugReport

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.

CVE-2023-31940: BugReport/php/Online-Travel-Agency-System/bug7-SQL-Injection-page_id.md at main · DiliLearngent/BugReport

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php.

CVE-2023-31939: BugReport/php/Online-Travel-Agency-System/bug4-SQL-Injection-costomer_id.md at main · DiliLearngent/BugReport

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.