Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
log injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-1498
A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to lau...
Responsive Hotel Site Project Responsive Hotel Site 1.0
9.8
CVSSv3
CVE-2022-27858
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Activity Log Project Activity Log
9.8
CVSSv3
CVE-2021-42010
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.
Apache Heron
9.8
CVSSv3
CVE-2022-42237
A SQL Injection issue in Merchandise Online Store v.1.0 allows an malicious user to log in to the admin account.
Merchandise Online Store Project Merchandise Online Store 1.0
9.8
CVSSv3
CVE-2022-26990
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability...
Arris Sbr-ac1900p Firmware 1.0.7-b05
Arris Sbr-ac3200p Firmware 1.0.7-b05
Arris Sbr-ac1200p Firmware 1.0.5-b05
9.8
CVSSv3
CVE-2022-24600
Luocms v2.0 is affected by SQL Injection through /admin/login.php. An attacker can log in to the background through SQL injection statements.
Luocms Project Luocms 2.0
9.8
CVSSv3
CVE-2021-43926
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vectors.
Synology Diskstation Manager
9.8
CVSSv3
CVE-2021-43925
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) prior to 7.0.1-42218-2 allows remote malicious users to inject SQL commands via unspecified vectors.
Synology Diskstation Manager
9.8
CVSSv3
CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows malicious users to manipulate the SQL by ent...
Apache Log4j
Netapp Snapmanager -
Broadcom Brocade Sannav -
Qos Reload4j
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Jdeveloper 12.2.1.3.0
Oracle Identity Management Suite 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Communications Network Integrity 7.3.6
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Advanced Supply Chain Planning 12.2
Oracle Advanced Supply Chain Planning 12.1
Oracle Communications Unified Inventory Management 7.4.1
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Healthcare Foundation 8.1.0
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-44966
SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.
Phpgurukul Employee Record Management System 1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »