9678 matches found
PT-2017-17973 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 4.0.4
Description: The issue is related to SQL Injection in the doli/theme/eldy/style.css.php file via the lang parameter.
Recommendations: For version 4.0.4, avoid using the lang parameter in the affected file until...
flatCore SQL Injection Vulnerability (CNVD-2017-06456)
flatCore is a web content management system based on PHP5 and SQLite3. A SQL injection vulnerability exists in flatCore, which allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
SQL injection vulnerability in ZZCMS jsout/hit.php file
ZZCMS is an enterprise website builder written in PHP. A SQL injection vulnerability exists in the ZZCMS jsout/hit.php file. It is caused by the failure to effectively filter the editor parameter, which allows an attacker to obtain sensitive database information...
Joomla Component JGrid SQL Injection Vulnerability
Joomla is an open source, cross-platform content management system (CMS) developed with PHP and MySQL by the U.S. OpenSourceMatters team. Joomla Component JGrid V4.44 has a SQL injection vulnerability that can be exploited by an attacker to require any authentication and obtain sensitive...
WordPress AccessPress Social Icons Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress AccessPress Social Icons plugin, which can be exploited by attackers to...
SQL injection vulnerability in keyword parameter of xycms manage_book.php page
XYCMS was formerly known as Nanjing XYCMS Enterprise Building System. A SQL injection vulnerability exists in the keyword parameter of the xycms manage_book.php page. The vulnerability stems from insufficient filtering of the keyword parameter, which can be exploited by an attacker to...
SQL Injection Vulnerability in xycms edit_book.php Page id Parameter
XYCMS was formerly known as Nanjing XYCMS Enterprise Building System. A SQL injection vulnerability exists in the id parameter of the XYCMS edit_book.php page. Attackers can exploit the vulnerability to obtain sensitive database information...
SQL injection vulnerability in the link_logo parameter of the Uc365 website category navigation system
Uke365 website category navigation system is a cross-platform, open source website category management system built on PHP + MySQL. A SQL injection vulnerability exists in the link_logo parameter of the Uke365 website category navigation system, due to the...
CVE-2016-4337
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recoverlogin action...
SQL injection vulnerability in the cateid parameter of the Anhui Hope Technology enterprise website management system
Hope Technology Enterprise Website Management System is a website management system developed and managed by Anhui Hope Network Technology Co. There is a SQL injection vulnerability in the cateid parameter of the Hope Technology enterprise website management system. Attackers can use the...
Airbnb Crashpadder Clone Script SQL Injection Vulnerability
Airbnb Crashpadder Clone Script is a system that can be deployed similar to the Airbnb home-sharing rental site. Airbnb Crashpadder Clone Script suffers from a SQL injection vulnerability that can be exploited by an attacker to read sensitive information in a database...
Doctors Appointment Script SQL Injection Vulnerability
Doctors Appointment Script is an apartment booking service website built with HTML5, CSS3, PHP 5 and jQuery. Doctors Appointment Script has a SQL injection vulnerability in several parameters such as lat, lon, category, etc. on the search page, which can be exploited by an attacker to read...
SQL Injection Vulnerability in Love Channel Music V10.01 System logo.php Page
Love Channel Music System is an audio-visual management system developed using PHP+MySQL. A SQL injection vulnerability exists in the logo.php page of the Love Channel Music V10.01 system. The lack of filtering of the 'cdid' parameter allows attackers to exploit the vulnerability to obtain...
Multiple SQL Injection Vulnerabilities in WebsiteBaker
WebsiteBaker is an open source content management system (CMS). WebsiteBaker has multiple SQL injection vulnerabilities. Because account/signup.php does not properly handle the values of the variables "username" and "displayname", a remotely authenticated attacker registration is turned on by defau...
SQL Injection Vulnerability in UReader Digital Library System browse.php Page
UReader Digital Library is a comprehensive platform for providing e-books in original foreign languages. A SQL injection vulnerability exists in the UReader Digital Library browse.php page. The vulnerability is caused by not filtering the 'catid' parameter effectively, whi...
SQL Injection Vulnerability in Nanjing Nanda Shangcheng Content Management System CountArticle.jsp Page
Nanjing Nanda Shangcheng content management system is a smart government solution. A SQL injection vulnerability exists in the CountArticle.jsp page of the Nanjing Nanda Shangcheng Content Management System. The lack of filtering of the 'ID' parameter allows an attacker to exploit the vulnerabili...
iFdate Social Dating Script SQL Injection Vulnerability
iFdate Social Dating is a social software script. iFdate Social Dating suffers from a SQL injection vulnerability due to poor validation of multiple parameters, which could allow a remote, unauthenticated attacker to obtain sensitive information via this vulnerability...
Joomla com_kunena plugin 'id' parameter SQL injection vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'id' parameter of the Joomla com_kunena plugin. An attacker can exploit the vulnerability to access or modify database data...
Joomla com_kide plugin 'view' parameter SQL injection vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'view' parameter of the Joomla com_kide plugin. An attacker can exploit the vulnerability to access or modify database data...
McAfee Advanced Threat Defense SQL Injection Vulnerability
McAfee Advanced Threat Defense is an anti-malware solution from McAfee USA. McAfee Advanced Threat Defense suffers from a SQL injection vulnerability that arises from the program's failure to adequately validate user-supplied data. An attacker can perform unauthorized operations on the underlying...