#sql

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

Red Hat Security Advisory 2023-4591-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include bypass and denial of service vulnerabilities.

DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.

DMIS:CRI LMS version 2.0 suffers from a remote SQL injection vulnerability.

Digisha CMS version 1.2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.

Desenvolvido C3iM CMS version 2.0 suffers from a cross site scripting vulnerability.

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM CROSSBOW ​Vulnerabilities: Out-of-bounds Read, Improper Privilege Management, SQL Injection, Missing Authentication for Critical Function 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary database queries via SQL injection attacks, create a denial-of-service condition, or write arbitrary files to the application's file system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Siemens reports that the following server application is affected:  ​RUGGEDCOM CROSSBOW: Versions prior to V5.4 3.2 VULNERABILITY OVERVIEW 3.2.1 ​OUT-OF-BOUNDS READ CWE-125 ​An issue found in SQLite3 v.3.35.4 that could allow a remote attacker to cause a denial of service via the appendvfs.c function. ​CVE-2021-31239 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is...

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.