Topic

SQL

A collection of 114 issues

CVE-2022-33880 Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.

This issue exists because of the way the type parameter is sanitized when passing data into the SELECT statement. A remote attacker can leverage this issue to execute arbitrary SQL commands. It is recommended that the type parameter be validated when passing user-supplied data into the SELECT statement. It is

CVE-2022-35137 DGIOT 4.5.4 had multiple XSS vulnerabilities.

These issues could be exploited by malicious people to conduct cross-site scripting attacks. A total of 14 XSS flaws were found in DGIOT Lightweight industrial IoT. Some of these issues were rated with high severity and could be exploited by attackers to conduct XSS attacks against users of the software.

CVE-2021-45788 Time-based SQL Injection was found in Metersphere v1.15.4 via the "orders" parameter.

A Cross-site scripting vulnerability was found in X-Rite’s iColor Passport v3.2.2 via the "password" parameter. A SQL Injection was found in X-Rite’s iColor Passport v3.2.2 via the "password" parameter. A SQL Injection was found in X-Rite’s iColor Passport v3.2.2 via the

CVE-2022-40353 The local file of the Tour & Travels Management System v1.0 was found to be vulnerable to SQL injection.

An attacker can exploit this vulnerability to inject arbitrary SQL queries into the application, causing the backend to crash. An attacker can exploit this vulnerability to inject arbitrary SQL queries into the application, causing the backend to crash. In addition, this software may collect users’ data via the name and

CVE-2022-40352 The tour & travels management system v1.0 had a SQL injection vulnerability through the id parameter.

A person could exploit this vulnerability to execute arbitrary SQL commands with system privileges or cause a denial of service. We assume no risk of exploitation, and do not recommend installing this extension unless you understand the risks and make your own determination. 3. OpenCms (Web Content Management) OpenCms is

CVE-2022-40199 An attacker with administrative privileges can obtain the product's directory structure.

This can potentially lead to the disclosure of sensitive information, such as usernames and password hash values. An attacker can exploit this vulnerability to gain access to other sections of the system that they should not have access to. An attacker can also perform a cross-site request forgery attack, allowing

CVE-2022-41570 An issue was discovered in EyesOfNetwork (EON) through 5.3.11

This issue has been resolved by upgrading to EON 5.3.12. An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. This issue has been resolved by upgrading to EON 5.3.12. - CVE-2018-19377 An issue was discovered in EyesOfNetwork (EON) through

CVE-2022-40099 The id parameter of the TOURES Management System v1.0 was found to be vulnerable to SQL injection.

An attacker can exploit this vulnerability to inject arbitrary SQL queries into the affected system and obtain sensitive information or even execute arbitrary code. An attacker can exploit the SQL injection vulnerability to execute arbitrary SQL commands that allow them to manipulate or delete data in the database. It is

CVE-2021-3782 An internal reference count is kept on the buffer pool to track each new buffer.

The reference count can be increased by creating an external reference to a buffer storage object, or creating a large number of external references to a particular buffer storage object. The number of external references to a buffer storage object must be greater than or equal to the number of

CVE-2022-38509 Wedding Planner v1.0 had a SQL injection vulnerability where the booking_id parameter was vulnerable.

An attacker can inject malicious SQL code or cause SQL errors in the database via the booking_id parameter. In certain cases, SQL injection can lead to data manipulation, denial of service, or the leaking of user information. You should monitor any input that comes from a user and make