#sql

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.

CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.

An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.68). (BZ#1769276) Security Fix(es): * mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974) * mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752) * mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780) * mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812) * mysql: C API: unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574) For more details about the security issue(s)...

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.