Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2019-12350: zzcms 2019 dl/dl_download.php SQL injection · Issue #4 · cby234/zzcms

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

CVE
Open in Source
#sql#vulnerability#php
CVE-2019-12351: zzcms 2019 dl/dl_print.php SQL injection · Issue #3 · cby234/zzcms

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.

CVE-2021-26633: KISA 인터넷 보호나라&KrCERT

SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file.

CVE-2021-26634: KISA 인터넷 보호나라&KrCERT

SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell.

CVE-2022-31969: bug_report/SQLi-1.md at main · k0xx11/bug_report

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=.

CVE-2021-44096: Vulnerability/BUG - SQL Injection on "profile_action - update_user" · Issue #2 · EGavilan-Media/User-Registration-and-Login-System-With-Admin-Panel

EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.

CVE-2021-44097: CVE-2021–44097 - Shubham pandey - Medium

EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database.

CVE-2021-44098: CVE-2021–44098 - Shubham pandey - Medium

EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database.

CVE-2021-44095: GitHub - projectworldsofficial/hospital-management-system-in-php: This is Hospital Management System Hospital management system is one of the best software that manages various activities in hospital

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.

CVE-2021-32546: Releases · gogs/gogs

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).