Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-47860: CVE/sql in removeProduct.php.md at main · xiumulty/CVE

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.

CVE
Open in Source
#sql#git#php
CVE-2022-47866: CVE/sql in removeBrand.php.md at main · xiumulty/CVE

Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

CVE-2022-47865: CVE/sql in removeOrder.php.md at main · xiumulty/CVE

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.

Kotlin app development company – How to choose

By Owais Sultan Find out what Kotlin app development will bring to your company, which global giants have already taken advantage… This is a post from HackRead.com Read the original post: Kotlin app development company – How to choose

CVE-2022-4696: 🐧🕺

There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above

CVE-2015-10036

A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951.

CVE-2015-10037

A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability.

CVE-2023-22959: GitHub - chenan224/webchess_sqli_poc

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).

CVE-2022-38492: CVE-2022-38492 - Excellium Services

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 before 2022.1.110.1.02. One parameter allows SQL injection.

CVE-2022-45165: CVE-2022-45165 - Excellium Services

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.