Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-38286: Some SQL injection vulnerabilities exists in JFinal CMS 5.1.0 · Issue #52 · jflyfox/jfinal_cms

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.

CVE
Open in Source
#sql#vulnerability
RHSA-2022:6407: Red Hat Security Advisory: Red Hat Integration Camel-K 1.8 security update

A minor version update is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-9492: hadoop: WebHDFS client might send SPNEGO authorization header * CVE-2020-27223: jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS * CVE-2020-36518: jackson-databind: denial of service ...

CVE-2022-40305

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.

CVE-2022-40280: Security: DoS vulnerability in function createDB() · Issue #5627 · Samsung/TizenRT

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service.

CVE-2022-38269: bug_report/SQLi-2.md at main · moyess/bug_report

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=.

CVE-2022-38268: bug_report/SQLi-3.md at main · moyess/bug_report

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=.

CVE-2022-38267: bug_report/SQLi-1.md at main · moyess/bug_report

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=.

CVE-2022-38265: bug_report/SQLi-1.md at main · xxxcoll/bug_report

Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php.

CVE-2022-38260: bug_report/SQLi-2.md at main · Fright1Moch/bug_report

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=.