Security
Headlines

Tag

#sql

CVE-2022-3276: CVE-2022-3276 - Puppetlabs-mysql Command Injection

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

CVE-2022-41377: bug_report/SQLi-2.md at main · hegeoo/bug_report

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.

CVE-2022-41378: bug_report/SQLi-1.md at main · hegeoo/bug_report

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory.

CVE-2022-42073: bug_report/SQLi-1.md at main · f0w4rD/bug_report

Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=.

CVE-2022-42074: bug_report/SQLi-2.md at main · f0w4rD/bug_report

Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.

CVE-2022-41512: bug_report/RCE-1.md at main · TGAyouman/bug_report

An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-41515: bug_report/SQLi-2.md at main · TGAyouman/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment.

CVE-2022-41514: bug_report/SQLi-1.md at main · TGAyouman/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan.

CVE-2022-41513: bug_report/SQLi-1.md at main · TGAyouman/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php.

We use cookies to provide necessary website functionality, and improve your user experience. By using the website, you agree to Privacy Policy and cookies usage.