Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-48590: CVE-2022-48590

A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE
Open in Source
#sql#vulnerability
CVE-2022-48589: CVE-2022-48589

A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE-2022-48588: CVE-2022-48588

A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE-2022-48585: CVE-2022-48585

A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE-2022-48586: CVE-2022-48586

A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

CVE-2022-48587: CVE-2022-48587

A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user?controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.

Deprixa 3.2.5 SQL Injection

Deprixa version 3.2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

GHSA-gf46-prm4-56pc: PrestaShop SQL manager vulnerability

### Impact Remote code execution through SQL injection and arbitrary file write in back office ### Patches 1.7.8.10 8.0.5 8.1.1 ### Found by Truff (via yeswehack) ### Workarounds none ### References none

GHSA-75p5-jwx4-qw9h: PrestaShop boolean SQL injection

### Impact SQL injection possible in product search field, in BO's product page ### Patches 8.1.1 ### Found by Aleksey Solovev (Positive Technologies) ### Workarounds none ### References none