Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information (remote).
CWE-89
CVE-2021-28828
The Administration GUI component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric, and TIBCO Administrator – Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low-privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator – Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator – Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator – Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator – Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.
CVE-2021-28890
J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of ${} to join SQL statements.
CVE-2021-28668
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 have several SQL injection vulnerabilities.
CVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
CVE-2021-28419
The “order_col” parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.