1131 matches found
J2EEFAST SysLoginInfoMapper.xml File SQL Injection Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from the SysLoginInfoMapper.xml findPage...
J2EEFAST SysMsgPushMapper.xml File SQL Injection Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from SysMsgPushMapper.xml findPage...
RuvarOA office_missive_id Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the officemissiveid parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33622)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of external SQL statements in the /WorkFlow/OfficeFileUpdate.aspx file. An attacker can exploit this vulnerability to execute illegal SQ...
J2EEFAST myProcessList function SQL injection vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from the myProcessList function of the...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33151)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the fileid parameter of the /CorporateCulture/kaizendownload.aspx file against external SQL input. An attacker can exploit this...
RuvarOA id Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /SysManage/sysblogtemplatenew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33156)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the projectid parameter in the /ProjectManage/pmgattinc.aspx file against externally entered SQL statements. An attacker can exploi...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33147)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /AddressBook/addresspublicnew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
J2EEFAST findApplyedTasksPage function SQL injection vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2eeFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from BpmTaskMapper.xml...
RuvarOA sys_file_storage_id parameter SQL injection vulnerability (CNVD-2024-33626)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter in the /WorkFlow/wfworkfinishfiledown.aspx file against external SQL input. An attacker can explo...
SEMCMS SQL Injection Vulnerability (CNVD-2024-23136)
SEMCMS is a foreign trade web content management system CMS that supports multiple languages. SEMCMS 4.8 and earlier versions suffer from a SQL injection vulnerability, which stems from the application's lack of validation of external input SQL statements, and can be exploited by attackers to...
RuvarOA id parameter SQL injection vulnerability (CNVD-2024-33617)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter in the /SysManage/wftemplatechildfieldlist.aspx file against external SQL input. An attacker can exploi...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A security vulnerability exists in RuvarOA v6.01 and v12.01, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of external SQL statements in the PageID parameter of the /WebUtility/getfindcondiction.aspx file. An attacker can exploit this...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /PersonalAffair/worklogtemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit...
RuvarOA 安全漏洞
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /AddressBook/addresspublicnew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
Online Book System index.php File SQL Injection Vulnerability
Online Book System is an online booking system. A SQL injection vulnerability exists in version 1.0 of Online Book System, which originates from a lack of validation of externally entered SQL statements in the username/password/loginusername/loginpassword parameters of the /index.php file. An...
Sentrifugo bunitname parameter SQL injection vulnerability
Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from the lack of validation of...
CVE-2024-2723 SQL injection vulnerability in the CIGESv2 system
SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query...