303 matches found
CVE-2021-44161
Changing MOTP Mobile One Time Password system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication...
CVE-2021-44161 Changing Information Technology Inc. MOTP(Mobile One Time Password) - SQL Injection
Changing MOTP Mobile One Time Password system’s specific function parameter has insufficient validation for user input. A attacker in local area network can perform SQL injection attack to read, modify or delete backend database without authentication...
CVE-2021-42064
If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if th...
CVE-2021-40842
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...
Sql injection
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...
CVE-2021-33688
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...
CVE-2021-38176
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could...
Navigate CMS sql injection vulnerability (CNVD-2021-57421)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the id parameter in product.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...
Navigate CMS sql injection vulnerability (CNVD-2021-57423)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the block-order parameter of the block function in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend databa...
Navigate CMS sql injection vulnerability (CNVD-2021-57420)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the template-properties-order parameter in templates.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backe...
Navigate CMS sql injection vulnerability (CNVD-2021-57422)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the childrenorder parameter in structure.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...
Navigate CMS sql injection vulnerability (CNVD-2021-57419)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the products-order parameter in products.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...
CVE-2021-37475
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...
CVE-2021-37473
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database...
Sql injection
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...
Sql injection
In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database...
Sql injection
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...
CVE-2021-37477
In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter childrenorder, which results in arbitrary sql query execution in the backend database...
CVE-2021-37475
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...
CVE-2021-37473
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database...