Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-27091: TeaCMS have a logic flaw · Issue #I6SXAF · XiaoBingBy/TeaCMS - Gitee.com

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).

CVE
Open in Source
#sql#web#js#git#java#auth#maven
RHSA-2023:1630: Red Hat Security Advisory: Satellite 6.12.3 Async Security Update

Updated Satellite 6.12 packages that fixes important security bugs and several regular bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41946: A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.

GHSA-hx8p-9m48-g76r: Ming-Soft MCMS vulnerable to SQL injection

SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via `basic_title` parameter. This issue is resolved in v5.1.

CVE-2020-20914: There is a SQL Injection vulnerability that can dump the database · Issue #29 · sanluan/PublicCMS

SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.

CVE-2020-21060: sql injection exists many places in PHPMyWind v5.6 · Issue #10 · gaozhifeng/PHPMyWind

SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.

CVE-2020-21514: There is a remote command execution vulnerability on version 0.12-1.0 · Issue #295 · fluent/fluentd-ui

An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escilated privlidges and execute arbitrary code due to a default password.

CVE-2023-26750: Yii 2 <= 2.0.47 SQL Injection Vulnerability · Issue #19755 · yiisoft/yii2

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.

CVE-2020-20913: search has SQL injection vulnerability · Issue #27 · ming-soft/MCMS

SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.

CVE-2022-47870: SQL Monitor 12.1.31.893 Cross Site Scripting ≈ Packet Storm

A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.

CVE-2023-1827

A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability.