Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-2865

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability.

CVE
Open in Source
#sql#vulnerability#php
CVE-2023-2863

A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.

CVE-2023-32697: Release Release 3.41.2.2 · xerial/sqlite-jdbc

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.

CVE-2023-1508

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.This issue affects Mobilmen Terminal Software: before 3.

CVE-2023-31752: bug_report/SQLi-2.md at main · 4O4NtFd/bug_report

SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.

GHSA-6phf-6h5g-97j2: Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled

## Summary Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. ## Impacted versions : 3.6.14.1-3.41.2.1 ## References https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2

WBiz Desk 1.2 Cross Site Scripting

WBiz Desk version 1.2 suffers from a cross site scripting vulnerability.

WBiz Desk 1.2 SQL Injection

WBiz Desk version 1.2 suffers from a remote SQL injection vulnerability in the idtk parameter. This is a variant finding from the original discovery of SQL injection in this version attributed to h4ck3r in May of 2023.