WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.
The configuration file containing database logins and passwords is readable by any local user.
MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (libmysqlclient) allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOA
itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client.
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
CWE-1392: Use of Default Credentials
Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection.
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
HCL Workload Scheduler stores user credentials in plain text which can be read by a local user.
Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.1
MyNET up to v26.08.316 was discovered to contain an Unauthenticated SQL Injection vulnerability via the intmenu parameter.
LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.
The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication.
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.