sql injection vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Netapp Steelstore Cloud Integrated Storage -
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
15 Github repositories available
9.8
CVSSv3
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...
Djangoproject Django
37 Github repositories available
9.8
CVSSv3
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL...
Fortinet Fortiweb
1 Article available
9.8
CVSSv3
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...
Redhat Dashbuilder
Redhat Jboss Bpm Suite 6.0.0
Redhat Jboss Bpm Suite 6.0.1
Redhat Jboss Bpm Suite 6.0.3
Redhat Jboss Bpm Suite 6.1
Redhat Jboss Bpm Suite 6.1.2
Redhat Jboss Enterprise Brms Platform 5.0.0
Redhat Jboss Enterprise Brms Platform 5.3.1
Redhat Jboss Enterprise Brms Platform 6.0.0
Redhat Jboss Enterprise Brms Platform 6.0.1
Redhat Jboss Enterprise Brms Platform 6.0.2
Redhat Jboss Enterprise Brms Platform 6.0.3
Redhat Jboss Enterprise Brms Platform 6.1
Redhat Jboss Enterprise Brms Platform 6.3
9.8
CVSSv3
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name....
Djangoproject Django
Debian Debian Linux 11.0
3 Github repositories available
9.8
CVSSv3
CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs....
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 11.0
10 Github repositories available
4.9
CVSSv3
CVE-2019-19026
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform....
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
8.8
CVSSv3
CVE-2020-35701
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution....
Cacti Cacti
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.2
CVSSv3
CVE-2019-19029
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform....
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
NA
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors...
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.0