IdeaCMS microstore config_loader.asp has SQL injection vulnerability

IdeaCMS Micro Mall Management System is a PC+Mobile+WeChat integrated mall system developed by Sampi Network Technology Co. A SQL injection vulnerability exists in IdeaCMS Micro Mall configloader.asp. An attacker can exploit this vulnerability to obtain sensitive information from the database...

FineCMS SQL Injection Vulnerability (CNVD-2017-15546)

FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. An SQL injection vulnerability exists in FineCMS versions 2017-07-12 and earlier. The vulnerability can be exploited by an attacker to obtain data from the database with the help of the...

SQL Injection Vulnerability in flagship version of modoer review system

Modoer is a local sharing, multi-functional review website management system. Developed and designed with PHP+MYSQL, open all source code.Modoer fully supports PC, cell phone, tablet; colleagues support microsoft integration, allowing the site to go deep into any place. Modoer review system...

XOOPS Core Install DB SQL Injection Vulnerability

XOOPS eXtensible Object Oriented Portal System is the XOOPS team develops and maintains a set of open source PHP and MySQL based content management system . The system can be used to create a variety of online communities . XOOPS Core is one of the core repository . A SQL injection vulnerability...

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C Multi-User Mall System v2.1.3 version of the Orderid parameter, delorder method SQL injection vulnerability exists due to the system fails to effectively filter the...

SQL Injection Vulnerability in yiifcms Content Management System

yiifcms is a content management system CMS developed on the yii framework. A SQL injection vulnerability exists in the yiifcms content management system due to the system's failure to strictly filter the id and catalogid parameters. An attacker can exploit this vulnerability to obtain sensitive...

Lepide Auditor Suite - createdb() Web Console Database Injection Remote Code Execution Exploit

Exploit for php platform in category remote exploits !/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1: 3c003200408add04308c04e3e0ae03b7774e4120 Download:...

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C Multi-User Mall System v2.1.3 updatetime method has a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain database information...

CVE-2017-1175

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297...

Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution

!/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1: 3c003200408add04308c04e3e0ae03b7774e4120 Download: http://www.lepide.com/lepideauditor/download.html Analysis:...

Lepide Auditor Suite - createdb() Web Console Database Injection Remote Code Execution

Lepide Auditor Suite - createdb Web Console Database Injection Remote Code Execution !/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1:...

SQL injection vulnerability in the id parameter of the news_info.php file of Dongyunchuangda Enterprise CMS

Dongyun Tronda Enterprise CMS is an enterprise website building system. A SQL injection vulnerability exists in the id parameter of the newsinfo.php file of the Dongyuntranda Enterprise CMS. An attacker can exploit this vulnerability to obtain database information...

Niushop open source mall system id parameter SQL injection vulnerability

NiuShop open source mall system is by Shanxi Niu Cool Information Technology Co., Ltd. completely independent design, research and development of a PHP open source e-commerce system . NiuShop open source mall system id parameters exist SQL injection vulnerability . As the system fails to...

Niushop open source mall system SQL injection vulnerability

NiuShop open source mall system is by Shanxi Niu Cool Information Technology Co., Ltd. completely independent design, research and development of a set of PHP open source e-commerce system . NIUSHOP open source mall system sort parameters exist SQL injection vulnerability. The vulnerability due t...

SQL Injection Vulnerability in the mobile_check Method of ShopSn V2.0 Mall System

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of the open source online store full network system. A SQL injection vulnerability exists in the tel parameter in the mobilecheck method of...

SQL Injection Vulnerability in getNew Method of ShopSn V2.0 Mall System

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd , an enterprise-class commercial standard full-featured allow free commercial use of the open source online store system. ShopSn V2.0 mall system getNew method SQL injection vulnerability. An...

SQL injection vulnerability in reply_content parameter of xycms add_book.php page

XYCMS was formerly known as Nanjing XYCMS Enterprise Station Building System, which is a commercial station building system based on ASP development. Xycms SQL injection vulnerability, the system on the addbook page btittle parameters are not effectively filtered, attackers can exploit the...

SQL injection vulnerability in the typeId parameter of news_list.jsp file of Shangli K12 digital campus management platform.

Shangli K12 Digital Campus Management Platform is an integrated campus solution. A SQL injection vulnerability exists in the typeId parameter of the newslist.jsp file in the K12 digital campus management platform. The vulnerability is due to the system typeId parameter does not filter the data...

CVE-2017-9730

SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter...

SQL Injection Vulnerability in Website Building System of Guangzhou Chuangke Network Co.

Guangzhou Chuangke Network Co., Ltd. is a website construction and Internet marketing service provider. There is a SQL injection vulnerability in the website building system of Guangzhou Chuangke Network Co., Ltd. which can be exploited by attackers to obtain the account password of the backend...