#sql

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.

thrsrossi Millhouse-Project version 1.414 suffers from a remote shell upload vulnerability.

eScan Management Console version 14.0.1400.2281 suffers from a remote SQL injection vulnerability.

Quicklancer version 1.0 suffers from a remote SQL injection vulnerability.

Smart School version 1.0 suffers from a remote SQL injection vulnerability.

LeadPro CRM version 1.0 suffers from a remote SQL injection vulnerability.

Esg version 2.5 suffers from a cross site scripting vulnerability.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05.