Tag
#sql
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Historian Server Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to get read and write access to the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Historian Server, a Process database, are affected: Historian Server: Version 2023 R2 Historian Server: Versions 2023 to 2023 P03 Historian Server: Versions 2020 to 2020 R2 SP1 P01 3.2 Vulnerability Overview 3.2.1 CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL. CVE-2024-6456 has been assigned to this vulne...
Kortex version 1.0 suffers from an insecure direct object reference vulnerability.
Farmacia Gama version 1.0 Farmacia Gama version 1.0 suffers from a cross site request forgery vulnerability.
Computer Laboratory Management version 1.0 suffers from a remote authenticated SQL injection vulnerability.
Courier Management System version 2020-1.0 suffers from multiple remote SQL injection vulnerabilities.
Gentoo Linux Security Advisory 202408-24 - A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data. Versions greater than or equal to 6.1.6.1:6.1 are affected.
Garden Gate version 2.6 suffers from a remote SQL injection vulnerability.
Gaati Track version 1.0-2023 suffers from an ignored default credential vulnerability.
Farmacia Gama version 1.0 suffers from an insecure direct object reference vulnerability.