sql injection vulnerabilities and exploits

(subscribe to this query)

8.8

CVSSv3

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...

Djangoproject Django Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 31 Fedoraproject Fedora 32 Netapp Steelstore Cloud Integrated Storage -Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.10 Canonical Ubuntu Linux 16.0415 Github repositories available

9.8

CVSSv3

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...

Djangoproject Django37 Github repositories available

9.8

CVSSv3

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL...

Fortinet Fortiweb1 Article available

9.8

CVSSv3

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...

Redhat Dashbuilder Redhat Jboss Bpm Suite 6.0.0 Redhat Jboss Bpm Suite 6.0.1 Redhat Jboss Bpm Suite 6.0.3 Redhat Jboss Bpm Suite 6.1 Redhat Jboss Bpm Suite 6.1.2 Redhat Jboss Enterprise Brms Platform 5.0.0 Redhat Jboss Enterprise Brms Platform 5.3.1 Redhat Jboss Enterprise Brms Platform 6.0.0 Redhat Jboss Enterprise Brms Platform 6.0.1 Redhat Jboss Enterprise Brms Platform 6.0.2 Redhat Jboss Enterprise Brms Platform 6.0.3 Redhat Jboss Enterprise Brms Platform 6.1 Redhat Jboss Enterprise Brms Platform 6.3

9.8

CVSSv3

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name....

Djangoproject Django Debian Debian Linux 11.03 Github repositories available

9.8

CVSSv3

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs....

Djangoproject Django Debian Debian Linux 9.0 Debian Debian Linux 11.010 Github repositories available

4.9

CVSSv3

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform....

Linuxfoundation Harbor Pivotal Vmware Harbor Registry -

8.8

CVSSv3

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution....

Cacti Cacti Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34

7.2

CVSSv3

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform....

Linuxfoundation Harbor Pivotal Vmware Harbor Registry -

NA

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors...

Rubyonrails Rails 4.0.2 Rubyonrails Rails 4.0.1 Rubyonrails Rails 4.1.0 Rubyonrails Rails 4.0.0

Get Started

« PREV 1 2 3 4 5 6 7 8 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook