WordPress wp-advanced-search SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. LearnPress is a learning management system plugin used in it. A SQL injection vulnerability exists in the import function in...
PT-2020-1364 · Cisco · Cisco Data Center Network Manager
Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager, which could allow an authenticated, remot...
Octeth Oempro SQL Injection Vulnerability
Octeth Oempro is a suite of email marketing software from Octeth USA. An SQL injection vulnerability exists in the 'CampaignID' parameter of Campaign.Get in Octeth Oempro version 4.7. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
Metinfo SQL Injection Vulnerability (CNVD-2019-42846)
MetInfo is a content management system (CMS) developed by China Mito MetInfo using PHP and MySQL. A SQL injection vulnerability exists in MetInfo. The vulnerability stems from a lack of validation of externally entered SQL statements in the database-based application. An attacker can exploit this...
CVE-2019-3661 Advanced Threat Defense (ATD) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows a remote authenticated attacker to execute database commands via carefully constructed time-based payloads...
CVE-2019-13076
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...
CVE-2019-13078
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/userprofile.php. The affected parameter is sortcolumn...
TYPO3 URL redirect SQL Injection Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. URL redirect is a URL redirection extension plugin used in it. A SQL injection vulnerability exists in TYPO3 URL redirect 1.2.1 and earlier versions. The vulnerability stems from a lac...
WordPress awesome-filterable-portfolio plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. awesome-filterable-portfolio is a plugin that supports the creation, management and publishing of personal portfolios. A SQL injection...
eBrigade SQL Injection Vulnerability
eBrigade is a rescue team management system. The system includes personnel management, vehicle management and equipment management. A SQL injection vulnerability exists in eBrigade versions prior to 5.0. The vulnerability stems from a lack of validation of externally entered SQL statements in...
Prophecy International Snare Central SQL Injection Vulnerability
Prophecy International Snare Central is a suite of log collection and management tools from Prophecy International Australia. A SQL injection vulnerability exists in Prophecy International Snare Central versions prior to 7.4.5, which stems from a lack of validation of externally-entered SQL...
WordPress gallery-photo-gallery plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. gallery-photo-gallery is a responsive gallery plugin used in it. A SQL injection vulnerability exists in the WordPress...
WordPress note-press plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. note-press is a WordPress admin panel annotation plugin used in it. A SQL injection vulnerability exists in the WordPress note-pre...
PT-2019-17697 · Nextcloud · Nextcloud Lookup-Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Lookup-Server versions prior to 0.3.0. Description: The issue allows unauthenticated users to execute arbitrary SQL commands due to an SQL Injection. This affects the Nextcloud Lookup-Server running on https://lookup.nextcloud.com...
OpenSNS SQL Injection Vulnerability
OpenSNS is a comprehensive social software package developed by Thinking Sky Technology. A SQL injection vulnerability exists in OpenSNS 6.1.0. An attacker can exploit this vulnerability by using the index.php?s=/ucenter/Config/ uid parameter to perform a SQL injection attack...
Ivanti LANDESK Management Suite SQL Injection Vulnerability
Ivanti LANDESK Management Suite (LDMS) is a suite of endpoint security management software from Ivanti, USA. A SQL injection vulnerability exists in Ivanti LDMS version 10.0.1.168 Service Update 5. The vulnerability stems from a database-based application that lacks validation of externally entered...
CVE-2019-6523
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands...
Cleanto SQL Injection Vulnerability
Cleanto is an online booking system developed specifically for cleaning service companies. A SQL injection vulnerability exists in Cleanto version 5.0, which can be exploited by remote attackers to execute SQL commands with the 'serviceid' parameter...
Horus CMS SQL Injection Vulnerability
Horus CMS is a content management system. A SQL injection vulnerability exists in Horus CMS. A remote attacker can exploit this vulnerability to execute SQL commands...
Component Responsive Portfolio 'filter_order_Dir' SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Responsive Portfolio 'filter_order_Dir' component of Joomla! An attacker can execute SQL commands by including vulnerable parameters...