Vulmon Recent Vulnerabilities Trends Blog About Contact

sql injection vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv2
CVE-2013-4461
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
Redhat Enterprise Mrg 2.4
7.5
CVSSv2
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...
Dashbuilder Project Dashbuilder -Redhat Jboss Bpm Suite 6.0.0Redhat Jboss Bpm Suite 6.0.1Redhat Jboss Bpm Suite 6.0.3Redhat Jboss Bpm Suite 6.1Redhat Jboss Bpm Suite 6.1.2Redhat Jboss Enterprise Brms Platform 5.0.0Redhat Jboss Enterprise Brms Platform 5.3.1Redhat Jboss Enterprise Brms Platform 6.0.0Redhat Jboss Enterprise Brms Platform 6.0.1Redhat Jboss Enterprise Brms Platform 6.0.2Redhat Jboss Enterprise Brms Platform 6.0.3Redhat Jboss Enterprise Brms Platform 6.1Redhat Jboss Enterprise Brms Platform 6.3
4
CVSSv2
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072....
Theforeman Katello
6.5
CVSSv2
CVE-2014-0137
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists....
Redhat Cloudforms 3.0 Management Engine 5.2Redhat Cloudforms 3.0 Management Engine 5.2.1Redhat Cloudforms 3.0 Management Engine 5.2.2Redhat Cloudforms 3.0 Management Engine
6.5
CVSSv2
CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...
Djangoproject DjangoDebian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 32
6.8
CVSSv2
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors...
Rubyonrails Rails 4.0.0Rubyonrails Rails 4.0.1Rubyonrails Rails 4.0.2Rubyonrails Rails 4.1.0
4
CVSSv2
CVE-2018-1096
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database....
Theforeman ForemanRedhat Satellite 6.4
7.5
CVSSv2
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...
Djangoproject Django
7.5
CVSSv2
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges....
Postgresql PostgresqlRedhat Enterprise Linux 7.0Redhat Enterprise Linux 7.4Redhat Enterprise Linux 7.5Redhat Enterprise Linux 7.6Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10
6.5
CVSSv2
CVE-2020-35701
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution....
Cacti Cacti
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-2109NULL pointer dereferenceCVE-2021-1300local usersCVE-2021-1250CVE-2020-6207dosCVE-2021-1249CVE-2020-11214