| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. |
| An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. |
| A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter. |
| Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containig Sensetive Information, showing parts of the aspx code and the webroot location , information an attacker can leverage to further compromise the host. |
| An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. |
| Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. |
| Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator. |
| SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. |
| A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell. |
| SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php. |
| iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. |
| Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. |
| iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure. |
| Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. |
| A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests. |
| Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. |
| Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via the c or s parameter. |
| Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload |
