| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-48788 | Fortinet FortiClient EMS SQL Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This is an SQL injection vulnerability that can be exploited to execute remote code via specially crafted HTTP requests. Adversaries have been observed using this exploit to deploy tools on the target machine.
References
|
| CVE-2023-48788 | Fortinet FortiClient EMS SQL Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This is an SQL injection vulnerability that can be exploited to execute remote code via specially crafted HTTP requests. Adversaries have been observed using this exploit to deploy tools on the target machine.
References
|
| CVE-2023-48788 | Fortinet FortiClient EMS SQL Injection Vulnerability | secondary_impact | T1105 | Ingress Tool Transfer |
Comments
This is an SQL injection vulnerability that can be exploited to execute remote code via specially crafted HTTP requests. Adversaries have been observed using this exploit to deploy tools on the target machine.
References
|
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
|
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
|
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | secondary_impact | T1531 | Account Access Removal |
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
|
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | secondary_impact | T1136 | Create Account |
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
|
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | secondary_impact | T1005 | Data from Local System |
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
|
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | secondary_impact | T1082 | System Information Discovery |
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
|
| CVE-2023-34362 | Progress MOVEit Transfer SQL Injection Vulnerability | secondary_impact | T1105 | Ingress Tool Transfer |
Comments
CVE-2023-34362 is a SQL injection vulnerability in a public-facing application. Adversaries have been observed to exploit this vulnerability to install malicious software on a target system, enabling them to discover system settings and information, enumerate the underlying SQL database, retrieve files, create administrator accounts, and delete accounts.
References
|
| CVE-2021-42258 | BQE BillQuick Web Suite SQL Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2021-42258 is a SQL injection vulnerability in BillQuick Web Suite that allows attackers to execute arbitrary SQL commands on the database server
References
|
| CVE-2021-42258 | BQE BillQuick Web Suite SQL Injection Vulnerability | secondary_impact | T1486 | Data Encrypted for Impact |
Comments
CVE-2021-42258 is a SQL injection vulnerability in BillQuick Web Suite that allows attackers to execute arbitrary SQL commands on the database server
References
|
| CVE-2021-27101 | Accellion FTA SQL Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2021-27101 is a SQL injection vulnerability in Accellion File Transfer Appliance that allows an adversary to execute SQL commands.
References
|
| CVE-2021-27101 | Accellion FTA SQL Injection Vulnerability | secondary_impact | T1005 | Data from Local System |
Comments
CVE-2021-27101 is a SQL injection vulnerability in Accellion File Transfer Appliance that allows an adversary to execute SQL commands.
References
|
| CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | exploitation_technique | T1055 | Process Injection |
Comments
Affected versions of FortiWeb contain insufficient input sanitization, allowing for an attacker to use SQL injection to write a malicious .pth file to the into FortiWeb's site-packages Python directory. This allows the malicious code to execute using the privileges granted to Python scripts in that high-level directory.
References
|
| CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
Affected versions of FortiWeb contain insufficient input sanitization, allowing for an attacker to use SQL injection to write a malicious .pth file to the into FortiWeb's site-packages Python directory. This allows the malicious code to execute using the privileges granted to Python scripts in that high-level directory.
References
|
| CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
Affected versions of FortiWeb contain insufficient input sanitization, allowing for an attacker to use SQL injection to write a malicious .pth file to the into FortiWeb's site-packages Python directory. This allows the malicious code to execute using the privileges granted to Python scripts in that high-level directory. Given the use of SQL, this can lead to potential loss of data within the database.
References
|
| CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | primary_impact | T1059.004 | Unix Shell |
Comments
Affected versions of FortiWeb contain insufficient input sanitization, allowing for an attacker to use SQL injection to write a malicious .pth file to the into FortiWeb's site-packages Python directory. This allows the malicious code to execute using the privileges granted to Python scripts in that high-level directory. Given the use of SQL, this can lead to potential loss of data within the database.
References
|
| CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | secondary_impact | T1485 | Data Destruction |
Comments
Affected versions of FortiWeb contain insufficient input sanitization, allowing for an attacker to use SQL injection to write a malicious .pth file to the into FortiWeb's site-packages Python directory. This allows the malicious code to execute using the privileges granted to Python scripts in that high-level directory. Given the use of SQL, this can lead to potential loss of data within the database.
References
|
| CVE-2025-25181 | Advantive VeraCore SQL Injection Vulnerability | exploitation_technique | T1055 | Process Injection |
Comments
This vulnerability exists in the timeoutwarning.asp file in VeraCore versions up to 2025.1.0 and allows an attacker to execute commands due to a lack of proper input sanitization, leading to effects such as privilege escalation and data destruction.
References
|
| CVE-2025-25181 | Advantive VeraCore SQL Injection Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
This vulnerability exists in the timeoutwarning.asp file in VeraCore versions up to 2025.1.0 and allows an attacker to execute commands due to a lack of proper input sanitization, leading to effects such as privilege escalation and data destruction.
References
|
| CVE-2025-25181 | Advantive VeraCore SQL Injection Vulnerability | primary_impact | T1485 | Data Destruction |
Comments
This vulnerability exists in the timeoutwarning.asp file in VeraCore versions up to 2025.1.0 and allows an attacker to execute commands due to a lack of proper input sanitization, leading to effects such as privilege escalation and data destruction.
References
|
| CVE-2020-29574 | CyberoamOS (CROS) SQL Injection Vulnerability | exploitation_technique | T1055 | Process Injection |
Comments
Due to an improper sanitization flaw in the web-based CyberRoam WebAdmin administrative panel, an attacker with network access can use SQL injection to execute commands remotely.
References
|
| CVE-2020-29574 | CyberoamOS (CROS) SQL Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
Due to an improper sanitization flaw in the web-based CyberRoam WebAdmin administrative panel, an attacker with network access can use SQL injection to execute commands remotely.
References
|