Latest Security News about sql injection

  1. Home
  2. Search: "sql injection"
Contact US For API Security>

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.

Overview : Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is "searchUsers" [...]
Continue Reading
Contact US For API Security>

SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA)

  Overview : An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. CVE-2020-9521   KM03630615- Multiple vulnerabilities lead [...]
Continue Reading
Contact US For API Security>

phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability

Overview : In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as [...]
Continue Reading
Contact US For API Security>

LogicalDoc before 8.3.3 allows SQL Injection

  Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database. CVE ID :CVE-2020-10365 LogicalDoc [...]
Continue Reading
Contact US For API Security>

SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 SQL Injection Vulnerability

Overview : SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.You may notice when installing SuiteCRM a new panel which allows for the configuration of different collations and type-sets. This is part of our progression towards resolving issues with special characters and emojis. [...]
Continue Reading