Tag
#sql
A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.
Debian Linux Security Advisory 5482-1 - Edbo and Cedric Krier discovered that the Tryton application server does enforce record rules when only reading fields without an SQL type.
Business Directory Script version 3.2 suffers from a remote SQL injection vulnerability.
Gravigra CMS version 1.0 suffers from a remote SQL injection vulnerability.
G and G Corporate CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Geeklog version 2.1.0b1 suffers from a remote SQL injection vulnerability.
GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.
User Registration and Login and User Management System version 3.0 suffers from a remote SQL injection vulnerability.
A cross-site scripting (XSS) vulnerability in SourceCodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via a crafted GET request to the web application URL.