CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29168
https://notcve.org/view.php?id=CVE-2020-29168
17 Feb 2023 — SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint. • https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/%2C • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10050 – brandonfire miRNA_Database_by_PHP_MySql model.php count_rna sql injection
https://notcve.org/view.php?id=CVE-2015-10050
15 Jan 2023 — A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. • https://github.com/brandonfire/miRNA_Database_by_PHP_MySql/commit/307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3779 – Ruby-MySQL Gem Client File Read
https://notcve.org/view.php?id=CVE-2021-3779
28 Jun 2022 — A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. Un servidor MySQL malicioso puede solicitar el contenido de un archivo local a un cliente usando ruby-mysql versiones anteriores a 2.10.0, sin autorización explícita del usuario. Este problema ha sido resuelto en versiones 2.10.0 y posteriores • https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28102
https://notcve.org/view.php?id=CVE-2022-28102
28 Apr 2022 — A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en PHP MySQL Admin Panel Generator versión v1, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el archivo /edit-db.php • http://php-mysql-admin-panel-generator.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29283
https://notcve.org/view.php?id=CVE-2020-29283
02 Dec 2020 — An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. Se detectó una vulnerabilidad de inyección SQL en Online Doctor Appointment Booking System PHP por medio del parámetro q en el archivo getuser.php • https://github.com/BigTiger2020/Online-Doctor-Appointment-Booking-System-PHP/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 3CVE-2020-28687 – Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
https://notcve.org/view.php?id=CVE-2020-28687
16 Nov 2020 — The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. La funcionalidad edit profile en ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT AND MYSQL versión 1.0, permite a atacantes remotos cargar archivos Artworks Gallery version 1.0 suffers from multiple remote shell upload vulnerabilities. • https://packetstorm.news/files/id/160095 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 3CVE-2020-28688 – Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
https://notcve.org/view.php?id=CVE-2020-28688
16 Nov 2020 — The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. La funcionalidad add artwork en ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT AND MYSQL versión 1.0, permite a atacantes remotos cargar archivos Artworks Gallery version 1.0 suffers from multiple remote shell upload vulnerabilities. • https://packetstorm.news/files/id/160095 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14939
https://notcve.org/view.php?id=CVE-2019-14939
12 Aug 2019 — An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. Se detectó un problema en el módulo mysql (también conocido como mysqljs) versión 2.17.1, para Node.js. La opción LOAD DATA LOCAL INFILE está abierta por defecto. • https://github.com/mysqljs/mysql/issues/2257 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-3754
https://notcve.org/view.php?id=CVE-2018-3754
03 Jul 2018 — Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database. El modulo externo de Node.js query-mysql en sus versiones 0.0.0, 0.0.1 y 0.0.2 es vulnerable a una inyección SQL debido a la falta de saneamiento de las entradas del usuario. Esto podría permitir que un atacante ejecute consultas SQL arbitrarias cuando se recup... • https://hackerone.com/reports/311244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-10757 – CSP MySQL User Manager 2.3.1 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-10757
04 May 2018 — CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt. CSP MySQL User Manager 2.3.1 permite la inyección SQL y una omisión de autenticación resultante mediante un nombre de usuario manipulado durante un intento de inicio de sesión. CSP MySQL User Manager version 2.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://packetstorm.news/files/id/147501 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •