NavigateCMS SQL Injection Vulnerability
Navigate CMS is a powerful and intuitive content management system. A SQL injection vulnerability exists in the id parameter in product.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary SQL queries in the backend database...
CVE-2021-29730
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164...
Bello < 1.6.0 - Unauthenticated Blind SQL Injection
The theme did not sanitise the btbblistingfieldpricerangeto, btbblistingfieldnowopen, btbblistingfieldmylng, listinglistview and btbblistingfieldmylat parameters before using them in a SQL statement, leading to SQL Injection issues -- Payload: $ -4034 OR 4877=4877 AND 2369=2369 -- PoC 1 |...
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker and one in the Serv-U FTP for Windows product. The most severe of these could allow trivial remote code execution with high privileges. The SolarWinds Orion platform is the network managemen...
IBM Security Guardium SQL Injection Vulnerability (CNVD-2021-05465)
IBM Security Guardium is a comprehensive data protection solution that offers a full range of data security features from compliance support to dynamic data shielding. An SQL injection vulnerability exists in IBM Security Guardium 10.6, 11.2. An attacker can exploit this vulnerability by sending...
CVE-2020-26075
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...
Cisco IoT Field Network Director SQL Injection Vulnerability
Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. Cisco IoT Field Network Director suffers from a SQL injection vulnerability that results from insufficient input validation of...
Cisco IoT Field Network Director Access Control Error Vulnerability
Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. An elevation of privilege vulnerability exists in the REST API of Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from the software failing to properly authentica...
CVE-2020-4655
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM...
SQL injection
IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
IBM Sterling File Gateway SQL Injection Vulnerability (CNVD-2020-63940)
IBM Sterling File Gateway is a centralized management gateway product for file transfers from IBM USA. IBM Sterling File Gateway suffers from a SQL injection vulnerability that can be exploited by an attacker to send specially written SQL statements that allow the attacker to view, add, modify, o...
ZZCMS suffers from a file upload vulnerability (CNVD-2020-59410)
ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to gain control of the server...
SQL Injection Vulnerability in ZZCMS2020 Backend (CNVD-2020-59403)
ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...
Helm Injection Vulnerability
Helm is a Kubernetes package manager. An injection vulnerability exists in Helm versions prior to 2.16.11 and 3.3.2. The vulnerability stems from a lack of proper validation of user input data by a networked system or product that fails to filter, or fails to correctly filter out, special element...
CVE-2020-15714
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the customLocation parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database...
phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.9.4, or 5.x prior to 5.0.1. It is, therefore, affected by a SQL injection (SQLi) vulnerability in the user accounts page. An authenticated, remote attacker can exploit this, b...
SAP Master Data Governance SQL Injection Vulnerability
SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. A SQL injection vulnerability exists in SAP Master Data Governance. An attacker could exploit this vulnerability by executing specially crafted database query...
XSS Vulnerability in Heybbs Micro Community
Heybbs Micro Community is a micro-community program with a front end based on bootstrap + jq + css and a back end developed in php + mysql. Heybbs Micro Community has an XSS vulnerability that can be exploited by attackers to obtain administrator cookies...
CVE-2019-19094
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to perform SQL injection attacks against the backend database...
SQL injection
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to perform SQL injection attacks against the backend database...