Latest Security News about SQL commands

SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA)

Overview : An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. CVE-2020-9521 KM03630615- Multiple vulnerabilities lead [...]

LogicalDoc before 8.3.3 allows SQL Injection

Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized, which could allow an authenticated attacker to perform arbitrary queries to the database. CVE ID : CVE-2020-10365 LogicalDoc [...]

Accentis Content Resource Management System suffers from a remote SQL injection vulnerability

Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL injection vulnerability. Affected Product(s) : Accentis Content Resource Management System Vulnerability Details : CVE ID : CVE-2015-3424 SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to […]

SQL injection vulnerability in Terrasoft Bpm’online CRM

Overview : A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 permits attackers to execute arbitrary SQL commands using the value parameter. Affected Product(s) : NVD (National Vulnerability Database) CWE Slice Vulnerability Details : CVE ID : CVE-2019-15301 Solution : The vulnerabilities are fixed in the latest versions.

Vulnerabilities Discovered in CIPAce Enterprise Platform

Overview : A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server. CVE-2020-11596 Vulnerabilities Discovered in CIPAce Enterprise Platform Versions Tested: CIPAce Version < 6.80 Build 2016031401 CIPAce [...]