Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

sql injection vulnerabilities and exploits

(subscribe to this query)

NA
CVE-2006-6354
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976....
Duware Duclassified 4.1Duware Duclassified 4.2Duware Dudownload 1.0Duware Dudownload 1.1Duware Dupaypal 3.0Duware Dupaypal 3.1Duware Duamazon 3.0Duware Duamazon 3.1Duware Dudirectory Pro 3.0Duware Dudirectory Pro 3.1Duware Dugallery 3.2Duware Dugallery 3.3Duware Dudirectory 3.0Duware Dudirectory 3.1Duware Dugallery 3.0Duware Dugallery 3.1Duware Dupaypal Pro 3.0Duware Dupaypal Pro 3.1Duware Duarticle 1.0Duware Duarticle 1.1Duware Duclassified 4.0Duware Dudirectory Pro Sql 3.0Duware Dudirectory Pro Sql 3.1Duware Dunews 1.0Duware Dunews 1.1
NA
CVE-2005-3976
SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1...
Duware Duarticle 1.1Duware Duclassified 4.2Duware Dupaypal 3.1Duware Dupaypal Pro 3.0Duware Dudirectory Pro Sql 3.0Duware Dudownload 1.1Duware Duamazon 3.1Duware Dugallery 3.3Duware Dunews 1.1Duware Dudirectory 3.1Duware Dudirectory Pro 3.0
7.8
CVSSv3
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled....
Sqlalchemy Sqlalchemy 1.2.17Debian Debian Linux 8.0Debian Debian Linux 9.0Opensuse Backports Sle 15.0Opensuse Leap 15.0Opensuse Leap 15.1Redhat Enterprise Linux 8.0Redhat Enterprise Linux Eus 8.1Redhat Enterprise Linux Eus 8.2Redhat Enterprise Linux Eus 8.4Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Server Aus 8.4Redhat Enterprise Linux Server Tus 8.2Redhat Enterprise Linux Server Tus 8.4Oracle Communications Operations Monitor 4.2Oracle Communications Operations Monitor 4.3
9.8
CVSSv3
CVE-2022-29155
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack...
Openldap OpenldapDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp H300s Firmware -Netapp H500s Firmware -Netapp H700s Firmware -Netapp H700e Firmware -Netapp H410s Firmware -Netapp H410c Firmware -
NA
CVE-2014-7814
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter....
Redhat Cloudforms 3.1 Management Engine 5.3
NA
CVE-2013-4386
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter....
Redhat Openstack 3.0Theforeman Foreman 1.2.1Theforeman Foreman 1.2.0Theforeman Foreman
NA
CVE-2013-4461
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
Redhat Enterprise Mrg 2.4
4.3
CVSSv3
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072....
Theforeman Katello
NA
CVE-2014-0137
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists....
Redhat Cloudforms 3.0 Management Engine 5.2.1Redhat Cloudforms 3.0 Management EngineRedhat Cloudforms 3.0 Management Engine 5.2.2Redhat Cloudforms 3.0 Management Engine 5.2
9.8
CVSSv3
CVE-2022-25517
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java....
Baomidou Mybatis-plus 3.4.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
elevation of privilegeCVE-2022-42331CVE-2023-24709CVE-2023-27569open redirectinjectionCVE-2023-27087
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook