Tag
#sql
Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.
UP-RESULT version 0.1 2024 suffers from a remote SQL injection vulnerability.
By Daily Contributors Today over at Resonance Security I am going to look at one of the more unusual ways in… This is a post from HackRead.com Read the original post: The Legacy of a Security Breach
Authenticated attackers can exploit a weakness in the XML parser functionality of the Visual Planning application in order to obtain read access to arbitrary files on the application server. Depending on configured access permissions, this vulnerability could be used by an attacker to exfiltrate secrets stored on the local file system. All versions prior to Visual Planning 8 (Build 240207) are affected.
A wildcard injection inside a prepared SQL statement was found in an undocumented Visual Planning 8 REST API route. The combination of fuzzy matching (via LIKE operator) and user-controlled input allows exfiltrating the REST API key based on distinguishable server responses. If exploited, attackers are able to gain administrative access to the REST API version 2.0.
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.
Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.
Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.