Library CMS SQL Injection Vulnerability
Library CMS is a management system for corporate and personal use. Library CMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2018-01641)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the comm/multiprix.php...
GSI WiNPAT Portal SQL Injection Vulnerability
GSI WiNPAT Portal is a Web-based industry solution for managing intellectual property from GSI Office Management in Germany. A SQL injection vulnerability exists in the login form in GSI WiNPAT Portal versions 3.2.0.1001 through 3.6.1.0. A remote attacker could exploit this vulnerability to execu...
WordPress SQL Injection Vulnerability (CNVD-2017-34851)
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A WordPress WPDB SQL injection vulnerability can be exploited by an attacker to execute arbitrary SQL commands due to...
WordPress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin image-gallery-with-slideshow. A remote attacker can exploit the...
Ideagen Easysite SQL Injection Vulnerability
Ideagen Easysite is a web content management system from Ideagen UK. A SQL injection vulnerability exists in the CInfoService.asmx file of WebServices in Ideagen Easysite version 7.0. The vulnerability can be exploited by remote attackers to execute arbitrary SQL commands via a specially crafted...
WordPress Photo Gallery by WD - Responsive Photo Gallery SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports setting up a personal blog site on servers with PHP and MySQL. Photo Gallery by WD - Responsive Photo Gallery is one of its image management plugins. A SQL injection vulnerabilit...
Intercom MaLion for Windows and Mac SQL Injection Vulnerability
Intercom MaLion for Windows and MaLion for Mac are both products of Intercom Japan. Intercom MaLion for Windows is an IT asset management solution based on the Windows platform. MaLion for Mac is a version based on the Mac platform. A SQL injection vulnerability exists in Intercom MaLion versions...
SQL injection
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands...
SQL injection
eClinicalWorks Population Health CCMR suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input...
CVE-2015-4592
eClinicalWorks Population Health CCMR suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input...
CVE-2016-6453
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.30.876...
Cisco WebEx Meetings Server SQL Injection Vulnerability
Cisco WebEx Meetings Server (CWMS) is a set of multifunctional meeting solutions, including audio, video and Web conferencing, in the WebEx meeting program from Cisco of the United States. A SQL injection vulnerability exists in CWMS version 2.6. A remote attacker can exploit this vulnerability to execu...
Vulnerabilities of the SAP HANA database management system, allowing attackers to execute arbitrary SQL commands
Multiple vulnerabilities in the Development Workbench component of the SAP HANA database management system are related to the lack of protection for SQL query structures. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary SQL commands remotely...
Piwigo 'rate_picture' function SQL injection vulnerability
Piwigo is a photo album script written in PHP. Piwigo suffers from a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the picturephp rate parameter...
UBUNTU-CVE-2014-2708
Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graphstart, (2) graphend, (3) graphheight, (4) graphwidth, (5) graphnolegend, (6) printsource, (7) localgraphid, or (8) rraid parameter...
SQL Injection in appRain
High-Tech Bridge Security Research Lab discovered a vulnerability in appRain, which can be exploited to perform SQL Injection attacks. 1) Blind SQL Injection in appRain: CVE-2013-6058. The vulnerability is caused by insufficient validation of user-supplied data appended to the "/blog-by-cat/" URL. Remote...
CVE-2010-4958
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter...
PT-2011-2778 · Cisco · Cisco Unified Operations Manager
Name of the Vulnerable Software and Affected Versions: Cisco Unified Operations Manager (CUOM) versions prior to 8.6. Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the CCMs parameter to the "/iptm/PRTestCreation.do" API endpoint or the ccm...