303 matches found
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
SaltOS SQL Injection Vulnerability
SaltOS is a suite of enterprise management solutions from the SaltOS program. The product integrates features such as CRM (Customer Relationship Management) and ERP (Enterprise Resource Planning). A SQL injection vulnerability exists in SaltOS version 3.1 r8126, which can be exploited by remote...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system. A SQL injection vulnerability exists in Library Management System version 1.0. A remote attacker can use the 'Search for Books' page to view, add, modify, or delete information in the back-end database...
School Event Management System SQL Injection Vulnerability
School Event Management System is a school event management system. A SQL injection vulnerability exists in School Event Management System version 1.0, which can be exploited by remote attackers to view, add, modify or delete information in the back-end database by sending the 'id' parameter to t...
Bakeshop Inventory System SQL Injection Vulnerability
Bakeshop Inventory System is a bakery inventory management system. A SQL injection vulnerability exists in Bakeshop Inventory System version 1.0. A remote attacker can use the login page to view, add, modify, or delete information in the back-end database...
Arbitrary File Deletion Vulnerability in HDWiki System Backend Database
HDWiki (Interactive Wiki) is a free, open source wiki building system. There is an arbitrary file deletion vulnerability in the backend database of the HDWiki system. An attacker can exploit the vulnerability to delete arbitrary files...
REDAXO SQL Injection Vulnerability (CNVD-2019-18492)
REDAXO is an open source Web portal content management system. The system supports custom modules, plug-in extensions, project backup and so on. A SQL injection vulnerability exists in the 'prepareQuery' function of the core/lib/list.php file in REDAXO versions before 5.6.3; a remote attacker can...
CVE-2018-1819
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end databas...
Frappe ERPNext SQL Injection Vulnerability
Frappe ERPNext is an open source ERP (Enterprise Resource Planning) system. The system includes functions for financial management, inventory management, customer relationship management, project management and human resource management. A SQL injection vulnerability exists in the 'sortby' paramete...
Arbitrary File Deletion Vulnerability in PHPMyWind Backend Database Management System
PHPMyWind is a PHP+MySQL based, W3C compliant website building engine for enterprise level website building. An arbitrary file deletion vulnerability exists in the PHPMyWind backend database management. An attacker can exploit the vulnerability to delete arbitrary files...
EMLsoft 'numPerPage' Parameter SQL Injection Vulnerability
EMLsoft is an enterprise address book management system. A SQL injection vulnerability exists in the upload\eml\action\action.address.php file in EMLsoft version 5.4.5. A remote attacker can exploit this vulnerability to view, add, modify or delete information in the back-end database with the he...
joyplus-cms SQL Injection Vulnerability
joyplus-cms (joy video) is an open source video backend management system based on PHP and MySQL. The system provides video resource acquisition, user feedback management, automatic address resolution, message push management and other functions. A SQL injection vulnerability exists in joyplus-c...
CVE-2016-6566 The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database
The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...
Security Bulletin: Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 10.1
Summary: Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 10.1. Vulnerability Details: Relevant CVE Information: CVEID: CVE-2016-5952. DESCRIPTION: IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL...
Security Bulletin: IBM Maximo Asset Management is vulnerable to SQL injection (CVE-2018-1414)
Summary: IBM Maximo Asset Management is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. Vulnerability Details: CVEID: CVE-2018-1414. DESCRIPTION: IBM Maximo...
CVE-2018-1252
RSA Web Threat Detection versions prior to 6.4 contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain...
iScripts eSwap 'ToId' Parameter SQL Injection Vulnerability
iScripts eSwap is a set of item trading software. The software supports trading with virtual currencies or directly exchanging items. A SQL injection vulnerability exists in iScripts eSwap version 2.4. A remote attacker can use the 'ToId' parameter to view, add, modify, or delete information in t...