SQL Injection Vulnerability in Special Equipment Inspection Management System of Fuzhou Tranda Electronics Co.(CNVD-2016-06020)
Fuzhou Tranda Electronics Co., Ltd. is a high-tech enterprise specializing in software development, system integration, security services and other computer information services. Fuzhou Chuangda Electronics Co., Ltd. special equipment inspection management system is a data information management...
SQL Injection Vulnerability in minX Parameters of Zhongke Xinye Network Security Audit Platform
Zhongke Xinye Network Security Audit Platform is an Internet behavior analysis system. A SQL injection vulnerability exists in Zhongke Xinye Network Security Audit Platform due to the program not adequately filtering the minX parameter. An attacker is allowed to exploit the vulnerability to obtai...
Hebei Nanhao High-tech Development Co., Ltd. online marking system has multiple vulnerabilities
The Hebei Nanhao High-tech Development Co., Ltd. online marking system is a set of statistical analysis and query software. SQL injection and unauthorized access vulnerabilities exist in the Hebei Nanhao High-tech Development Co., Ltd. online marking system; attackers can use the vulnerabilities to obtain sensitive...
OurPHP Profile Modification Function SQL Injection Vulnerability
OurPHP (傲派建站系统) is a website content management system developed in PHP; the developer is Harbin Weicheng Technology Co. Registered members of the OurPHP website builder system do not have anti-injection processing for the hidden form password when modifying their information...
SQL Injection Vulnerability in Online Teaching Platform of Higher Education Publishing House
The Higher Education Publishing House Online Teaching Platform is a system that provides online teaching and learning. A SQL injection vulnerability exists in the Higher Education Publishing House Network Teaching Platform, which can be exploited by attackers to obtain sensitive information from...
Cades SQL Injection Vulnerability
Cades is an online service application. Cades has a remote SQL injection vulnerability. A remote attacker is able to execute malicious SQL commands to connect to the DBMS...
Techsoft Web Solutions CMS SQL Injection Vulnerability
TECHSOFT is a web solution. A remote SQL injection vulnerability exists in Techsoft Web Solutions CMS. A remote attacker is able to execute malicious SQL commands to connect to the DBMS...
Katello: Authenticated sql injection via sort_by and sort_order request parameter
An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database...
SQL injection vulnerability in the 'atdid' parameter of the mining system of Shenzhen JTS Communications Co.
Shenzhen JTS Communications Co., Ltd. is a communication enterprise providing communication services and communication products. A SQL injection vulnerability exists in the program mining system of Shenzhen Jishu Communication Co. The lack of filtering of the 'atdid' parameter allows an attacker to exploit the vulnerability to...
SQL Injection Vulnerability in Human Resource Management Platform of Guangzhou Hexie Software Technology Co.
Guangzhou Hexie Software Technology Co., Ltd. is a high-tech enterprise specializing in the research and development of human resource management software. HR software is an informatization tool that can assist in managing the company's human resources. There is a SQL injection vulnerability in t...
modified eCommerce SQL Injection Vulnerability
modified eCommerce is an open source store software. Modified eCommerce suffers from a SQL injection vulnerability due to the easybillcsv.php file failing to adequately filter the 'ordersstatus' and 'customersstatus' GET parameters, allowing remote attackers to submit specially crafted SQL queri...
WordPress Booking Calendar Contact Form Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. The WordPress Booking Calendar Contact Form plugin suffers from a SQL injection vulnerability by adding specially crafted shortco...
Ramui Forum Script SQL Injection Vulnerability
Ramui Forum Script is a free PHP forum script. Ramui Forum Script suffers from a SQL injection vulnerability due to a lack of user input restrictions in /gb/include/page.php. An attacker is able to execute unfiltered SQL requests with malicious code...
Ecava IntegraXor SQL Injection Vulnerability
Ecava IntegraXor is a set of Web-based tools from Ecava Malaysia for creating and running HMIs (Human Machine Interfaces) for SCADA systems. A SQL injection vulnerability exists in Ecava IntegraXor versions prior to 5.0 build 4522. A remote attacker can exploit the vulnerability to execute...
Redaxo CMS has multiple vulnerabilities
Redaxo CMS is an open source Web portal content management system (CMS). The system supports custom modules, plug-in extensions, project backup and so on. SQL injection and cross-site scripting vulnerabilities exist in Redaxo CMS, allowing attackers to exploit the vulnerabilities to execute...
Thru Managed File Transfer Portal SQL Injection Vulnerability
Thru Managed File Transfer Portal is a web-based file transfer application. A SQL injection vulnerability exists in Thru Managed File Transfer Portal version 9.0.2. The program fails to filter the values of the sortorder and letterrange attributes, allowing an attacker to inject arbitrary SQL...
Cacti SQL Injection Vulnerability (CNVD-2016-02215)
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. A SQL injection vulnerability exists in the tree.php file in Cacti 0.8.8g and earlier versions, which can be exploited by remote attackers to execute arbitrary SQL commands with the help of the...
Huawei Policy Center SQL Injection Vulnerability
Huawei Policy Center is a set of policy management center software from Huawei China. The software provides features such as visitor management and personalized customization of the Portal login interface. A SQL injection vulnerability exists in Huawei Policy Center using software versions...
Linyi Yifeng Network Technology Service Co., Ltd. website system has SQL injection vulnerabilities
Linyi Yifeng Network Technology Service Co., Ltd. is a comprehensive network technology service company integrating e-commerce service, e-commerce training and e-commerce. SQL injection vulnerability exists in the website building system of Linyi Yifeng Network Technology Service Co. Ltd. Due to...
SocialEngine SQL Injection Vulnerability
SocialEngine is a PHP-based social networking platform that allows the creation of social networks on websites. A SQL injection vulnerability exists in SocialEngine. Due to insufficient filtering of input passed to the "/index.php" script via the "orderby" HTTP GET parameter, an unauthenticated...