sql injection vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-30116
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default, Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is x.x.x.x/dl.asp. When an attacker...
Kaseya Vsa Agent
Kaseya Vsa Server
2 Github repositories available
7 Articles available
9.8
CVSSv3
CVE-2018-18641
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information....
Gitlab Gitlab
8.8
CVSSv3
CVE-2021-42760
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests....
Fortinet Fortiwlm
9.8
CVSSv3
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application....
Djangoproject Django
Fedoraproject Fedora 34
17 Github repositories available
7.5
CVE-2022-45931
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used....
Linuxfoundation Opendaylight 0.16.0
Linuxfoundation Opendaylight 0.16.4
Linuxfoundation Opendaylight 0.15.6
Linuxfoundation Opendaylight 0.15.0
1 Github repository available
7.5
CVE-2022-45932
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used....
Linuxfoundation Opendaylight 0.16.0
Linuxfoundation Opendaylight 0.16.4
Linuxfoundation Opendaylight 0.15.6
Linuxfoundation Opendaylight 0.15.0
1 Github repository available
8
CVE-2022-36961
A vulnerable component of Orion Platform was vulnerable to SQL Injection; an authenticated attacker could leverage this for privilege escalation or remote code execution....
Solarwinds Orion Platform
8.8
CVSSv3
CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement....
Cyrusimap Cyrus-sasl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1
Oracle Communications Cloud Native Core Console 22.2.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.2.0
3 Github repositories available
9.8
CVE-2023-1153
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Pacsrapor: before 1.22....
Pacsrapor Pacsrapor
7.2
CVSSv3
CVE-2020-5515
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection....
Gilacms Gila Cms 1.11.8
1 Github repository available