sql injection vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-9402
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was...
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
12 Github repositories available
9.8
CVSSv3
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a...
Djangoproject Django
34 Github repositories available
9.8
CVSSv3
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...
Redhat Dashbuilder
Redhat Jboss Bpm Suite 6.0.0
Redhat Jboss Bpm Suite 6.0.1
Redhat Jboss Bpm Suite 6.0.3
Redhat Jboss Bpm Suite 6.1
Redhat Jboss Bpm Suite 6.1.2
Redhat Jboss Enterprise Brms Platform 5.0.0
Redhat Jboss Enterprise Brms Platform 5.3.1
Redhat Jboss Enterprise Brms Platform 6.0.0
Redhat Jboss Enterprise Brms Platform 6.0.1
Redhat Jboss Enterprise Brms Platform 6.0.2
Redhat Jboss Enterprise Brms Platform 6.0.3
Redhat Jboss Enterprise Brms Platform 6.1
Redhat Jboss Enterprise Brms Platform 6.3
9.8
CVSSv3
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL...
Fortinet Fortiweb
1 Article available
9.8
CVSSv3
CVE-2022-28347
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name....
Djangoproject Django
1 Github repository available
9.8
CVSSv3
CVE-2022-28346
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs....
Djangoproject Django
Debian Debian Linux 9.0
5 Github repositories available
8.8
CVSSv3
CVE-2020-35701
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution....
Cacti Cacti
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
NA
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors...
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.0
4.9
CVSSv3
CVE-2019-19026
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform....
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
6.5
CVSSv3
CVE-2018-1096
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database....
Theforeman Foreman
Redhat Satellite 6.4