Tag
#sql
The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
Red Hat Security Advisory 2023-1303-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.10 replaces Data Grid 7.3.9 and includes security fixes. Issues addressed include code execution and deserialization vulnerabilities.
101+ News Portal version 1.0 suffers from a remote blind SQL injection vulnerability.
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that this primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.
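The Soko entry above spells out the pattern behind most items on this page: user-controlled text concatenated into SQL, fixed by binding it as a parameter. The following is an added example, not code from Soko, from the WordPress plugins or from any advisory listed here. It uses Python with an in-memory SQLite database as a stand-in for Soko's Go and PostgreSQL; the packages table, the users table and the password strings are constructed for the demonstration. It shows the same search implemented once by concatenation and once as a prepared statement, a UNION payload that reads the unrelated users table through the concatenated version and fails against the parameterised one, and a boolean-based blind probe of the kind the WP Meta SEO and 101+ News Portal entries refer to, where the only signal is whether any rows come back.

```python
import sqlite3
import string

# Constructed sample data (not Soko's schema): a packages table the search
# is meant to query, and a users table the search should never reach.
PACKAGES = [
    ("sys-apps/coreutils", "GNU core utilities"),
    ("dev-lang/go", "Go programming language"),
    ("app-admin/sudo", "Allows users to run commands as root"),
]
USERS = [
    ("admin", "pbkdf2-constructed-admin-hash"),
    ("deploy", "sha256-constructed-deploy-hash"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (atom TEXT, description TEXT)")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO packages VALUES (?, ?)", PACKAGES)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def search_vulnerable(conn, q: str) -> list:
    """Concatenates q into the SQL text, so a quote character in q changes
    the grammar of the statement instead of being compared as data."""
    sql = ("SELECT atom FROM packages WHERE atom LIKE '%" + q + "%'"
           " OR description LIKE '%" + q + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, q: str) -> list:
    """Prepared statement: the SQL text is fixed at write time and q is
    bound as a parameter, so it can only ever be a LIKE pattern value."""
    sql = "SELECT atom FROM packages WHERE atom LIKE ? OR description LIKE ?"
    pattern = "%" + q + "%"
    return [row[0] for row in conn.execute(sql, (pattern, pattern))]


# UNION payload: closes the LIKE literal, appends a query against another
# table, and comments out the remainder of the original statement.
UNION_PAYLOAD = "zzz' UNION SELECT password FROM users --"


def blind_first_char(conn, user: str,
                     candidates=string.ascii_lowercase + string.digits):
    """Boolean-based blind injection against search_vulnerable: no data is
    echoed, but an injected condition that is true makes the WHERE clause
    true for every package row, so a non-empty result confirms the guess."""
    for c in candidates:
        probe = ("zzz' OR (SELECT substr(password,1,1) FROM users "
                 "WHERE name='" + user + "')='" + c + "' --")
        if search_vulnerable(conn, probe):
            return c
    return None


if __name__ == "__main__":
    conn = make_db()
    print("normal search:", search_safe(conn, "go"))
    print("concatenated + UNION payload:", search_vulnerable(conn, UNION_PAYLOAD))
    print("parameterised + same payload:", search_safe(conn, UNION_PAYLOAD))
    print("blind, first char of admin password:", blind_first_char(conn, "admin"))
```

Binding the parameter is the whole fix; no escaping of the input is needed or wanted on top of it. One caveat that is not injection but still surprises people: in the parameterised version `%` and `_` inside q are still LIKE wildcards, so a bare `%` matches every row. If that matters, escape those two characters and add an ESCAPE clause, which is a data-level concern rather than a change to the statement's structure.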
Music Gallery Site version 1.0 suffers from a cross site scripting vulnerability.
Medicine Tracker System version 1.0 suffers from a cross site scripting vulnerability.
Yoga Class Registration System version 1.0 suffers from a cross site scripting vulnerability.
Online Pizza Ordering System version 1.0 suffers from a remote SQL injection vulnerability.