-
# Summary
A critical SQL injection vulnerability has been identified in LimeSurvey version 6.5.14-240624. This vulnerability exists in the `actionUpdateSurveyLocaleSettingsGeneralSettings()` function…
-
я заметил что ты используешь mysql_query для выполнения различных запросов, вставляя какие-либо данные от пользователя в строку запроса. Например:
mysqli_query($connection, "DELETE FROM `comments` W…
-
In the example below, if the argument `gameID` includes the sql injection, it will be included inside final SQL query.
```javascript
serverMaps: {
sqlPaginate: true,
type: ServerMapConnection,…
-
### Describe the bug
In the source code, I noticed that ZAP is supposed to detect Union Based vulnerabilities. However, when I tested ZAP with 30 test cases, most of which included Union Based SQLi v…
-
Hi,
I am here to report a web vulnerability I have found in your product. It is a Blind SQL Injection in the Workspace page.
Steps to Reproduce:
1. Login to application
2. Click on "Workspac…
-
I noticed that this repo makes no attempt to validate inputs or escape its SQL. I realize that it's just an example, but, since it describes itself as a reference implementation and is recommended fro…
-
an mehreren Stellen gibts die Möglichkeit von SQL injections, primär weil `mysqli_real_escape_string()` falsch verstanden wird.
Die Funktion ist keineswegs ein Allheilmittel zum Absichern von Input…
-
## What version of OpenRewrite are you using?
I am using
- OpenRewrite v5.35.0
- Maven/Gradle plugin v5.35.0
- rewrite-java-security v2.10.3
## How are you running OpenRewrite?
I am using th…
-
When passing an orderby to the request there is an SQL Injection vulnerability.
For example /orderby/someTable.SOMEPROPERTY%20WAITFOR%20DELAY%20'0:0:10'-- will effectively delay the query.
I hav…
-