pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, th
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE s
uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storag
SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/c
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection.
The channel a
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.
This issue affects InsureE GL: before 4.6.2.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows SQL Injection.This issue affects WPGuppy: f
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicio
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG S
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rnystrom TSB Occasion Editor tsb-occasion-editor allows SQL Injection.This issue affects TSB Occas
SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was interpolated directly into the SQL string with str.forma
SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja templates for Domains (and their constraints
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route google-maps-travel-route allows SQL Injection.This issue affe
Page 1+ Next →