Latest Security News about sql injection vulnerability

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.

Overview : Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is "searchUsers" [...]

SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA)

  Overview : An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. CVE-2020-9521   KM03630615- Multiple vulnerabilities lead [...]

phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability

Overview : In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as [...]

Accentis Content Resource Management System suffer from a remote SQL injection vulnerability.

Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL injection vulnerability. Affected Product(s) : Accentis Content Resource Management System Vulnerability Details : CVE ID : CVE-2015-3424 SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to […]