SQL injection vulnerability in BlogManage/Video/MyVideoAlbum.aspx page of Shanghai Hongyu Information Technology Co.

ECS ECS education site system is a general-purpose CMS program developed by Shanghai Hongyu Information Technology Co., Ltd. for schools, education and other site-building system. The product BlogManage/Video/MyVideoAlbum.aspx page SQL injection vulnerability, an attacker registers an account log...

SQL Injection Vulnerability in UserGUID Parameter of UserDataSync.aspx Page of Nanjing Fargo Streaming Media System

Nanjing Fargo streaming media system is mainly used for applications such as network TV, live event broadcasting, remote education, enterprise roadshow and multimedia public information service, etc. The system integrates computer, network, audio/video and mobile communication and other related...

SQL Injection Vulnerability in iGENUS Mail System of Aegisys Technology (Chengdu) Co.

iGENUS mail system based on the Linux platform mail system comprehensive management, using a Web-based graphical management interface multifunctional system. The product exists exists SQL injection vulnerability, the vulnerability URL is: http://target/login.php?Cmd=error&Code=, the vulnerability...

SQL Injection Vulnerability in TUTUCMS System by Parameter

TUTUCMS is a CMS image management system focused on the development of image-based websites. TUTUCMS x2.6 version has a SQL injection vulnerability, due to the system does not strictly filter by parameters, only the source code to do the corresponding code audit. This vulnerability allows attacke...

SQL Injection Vulnerability in Gobetter Video Conferencing System of Beijing Gobetter Technology Co.

Gobalt network video conferencing system supports a variety of application scenarios such as work meetings, remote training, product sales, online seminars, consulting services and so on. There is a SQL injection vulnerability in the searchparam parameter of Gobetter videoconferencing system of...

SQL injection vulnerability in the SHREF_NO parameter of PSTAR Freight Information Management System of Yinglian Logistics Technology (Shanghai) Co.

PSTAR Logistics Management System V4.0 is a logistics system. There is a SQL injection vulnerability in the SHREFNO parameter of the PSTAR Freight Information Management System of Yinglian Logistics Technology Shanghai Co: http://target/bill/billq.aspx, an attacker can use the vulnerability to...

SQL Injection Vulnerability in ZZCMS System zssave.php File

ZZCMS is an enterprise website builder. ZZCMS System v7.1 suffers from a SQL injection vulnerability due to the failure of the zssave.php file in the /user/ directory to properly handle the $ypid variable, which allows remote attackers to exploit the vulnerability by submitting specially crafted...

SQL Injection Vulnerability in psIdH Parameter of the Online Exam System of Shenzhen Biaochi Information Technology Co.

The Enterprise Huitong Online Exam System is a set of professional application software suitable for the government, schools, enterprises and institutions to carry out internal network examination and evaluation through the Internet or LAN. There is a SQL injection vulnerability in the psIdH...

WordPress Zero Spam Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Zero Spam plugin suffers from a SQL injection vulnerability due to the program failing to adequatel...

SQL Injection Vulnerability in Nine to Five Network Website Building System

Ninety-five Network Building System is a general-purpose CMS system. The product has SQL injection vulnerability, vulnerability URL: http://target/News.asp?newskind= The vulnerability parameter is newskind , type is GET injection, numeric injection, the attacker can use the vulnerability to obtai...

Mediaone 'id' Parameter SQL Injection Vulnerability

MediaOne is a multi-window fusion controller of the famous American company dVision. The advantage of this multi-window fusion controller called picture splicer in China is that it integrates multi-window picture-in-picture function, image edge fusion and surface geometric correction function, an...

Joomla Catfiltering Component SQL Injection Vulnerability

Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS. Catfiltering is one of the image of the frequency domain filtering component . A SQL injection vulnerability exists in version 1.5.4 of the Joomla Catfiltering component, which can be exploite...

Joomla! SecurityCheck and SecurityCheck Pro SQL Injection Vulnerability

Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . SecurityCheck and SecurityCheck Pro are among the network security extension components. A SQL injection vulnerability exists in...

Dashbuilder: SQL Injection on data set lookup filters

A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...

Multiple SQL Injection Vulnerabilities in Empire Download System V2.5 Backend

Empire Download System" is a code completely open source, dedicated to the website information download and online video site to provide solutions. Empire Download System V2.5 backend has multiple SQL injection vulnerabilities. Allow attackers to exploit the vulnerability to obtain sensitive...

SQL Injection Vulnerability in the Papername Parameter of the Showlist.jsp Page of the Newspaper System of Beijing Zixin Newspaper Technology Development Co.

Zixin Newspaper Digital Newspaper System is a professional information-based multimedia publishing platform for internal journals, newspapers and magazines in different industries, such as newspapers, magazines, schools, groups of enterprises, governments and non-profit organizations. A SQL...

SQL injection vulnerability in the searchKeys parameter of the newspaper system createcd.jsp page at Beijing Zixin Newspaper Technology Development Co.

Zixin Newspaper Digital Newspaper System is a professional information-based multimedia publishing platform for internal journals, newspapers and magazines in different industries, such as newspapers, magazines, schools, groups of enterprises, governments and non-profit organizations. SQL injecti...

The vulnerability of the Solar-Log WEB monitoring system allows a malicious individual to execute arbitrary SQL commands.

Vulnerability allows remote attackers to execute arbitrary SQL commands using a specially crafted query...

SQL Injection Vulnerability in FangMail Email Backend Management System

U-Mail mail is widely used in government departments, schools, enterprises and institutions group enterprise mailbox software. A SQL injection vulnerability exists in the background management system of FangMail Mail. It allows attackers to utilize commonly used SQL injection tools to obtain...

Ktools Photostore SQL Injection Vulnerability

Ktools Photostore is the American Ktools company's set of professional photo gallery-like shopping cart software dedicated to selling pictures and other artwork online. A SQL injection vulnerability exists in Ktools Photostore versions prior to 4.7.5. An attacker can exploit this vulnerability to...