ProjectSend has multiple vulnerabilities
ProjectSend (formerly known as cFTP) is a suite of self-hosted applications based on PHP and MySQL. ProjectSend contains authentication bypass vulnerabilities, SQL injection vulnerabilities, and arbitrary file download vulnerabilities, which can be exploited by an attacker to execute arbitrary code...
Redaxo CMS SQL Injection Vulnerability
Redaxo CMS is an open source Web portal content management system (CMS). The system supports custom modules, plug-in extensions, project backup and so on. SQL injection vulnerabilities exist in Redaxo CMS. Attackers can exploit these vulnerabilities to steal cookie-based authentication, tak...
Osclass SQL Injection Vulnerability
OSClass is an open source system based on PHP and MySQL, used to create and manage classified ads websites. Osclass suffers from a SQL injection vulnerability. Because the input passed to the "/index.php" PHP script via the "itemsPerPage" HTTP GET parameter fails to filter user input, an...
EClinicalWorks Population Health Client Portal SQL Injection Vulnerability
EClinicalWorks Population Health is a suite of population health solutions from EClinicalWorks, Inc. that provides dashboard analytics, patient appointment scheduling, care planning, and a secure network for patient referrals, among other features. Client Portal is one of these portals. SQL...
SQL Injection Vulnerability in 'txtContent' Parameter of Administrative Approval System of Wave Group
It is a cloud computing infrastructure platform of Shandong Wave Qilu Software Industry Co. A SQL injection vulnerability exists in the parameters of the administrative approval system of Wave Group. The lack of filtering of the 'txtContent' parameter allows an attacker to exploit the vulnerabili...
VulnCheck KEV: CVE-2015-1397
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the...
SQL injection vulnerability in the 'usrname' parameter of the system belonging to Chengdu Flying Fish Star Technology Development Co.
Chengdu Flying Fish Star Technology Co., Ltd. is dedicated to providing intelligent and easy-to-use network communication products and services. A SQL injection vulnerability exists in the 'usrname' parameter of the system belonging to Chengdu Flying Fish Star Technology Development Co. The...
PT-2016-1000 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 16.4 Description: The issue is related to the DroneDeleteOldMeasurements implementation, which does not properly validate serialized XML objects. This allows remote attackers to conduct SQL injection...
SQL injection vulnerability in the oabusyusername parameter of the target/m.asp page of the PointClear MIS management information system.
PointClear MIS Management Information System is an enterprise-level instant messaging platform launched by PointClear. An SQL injection vulnerability exists in the oabusyusername parameter on the target/m.asp page of the PointClear MIS enterprise management information system, which allows...
SQL Injection Vulnerability in 'tplname' Parameter of Founder Xiangyu CMS System
Founder Xiangyu CMS system is a full-process management platform for website information release. A SQL injection vulnerability exists in the Founder Xiangyu CMS system. The lack of filtering of the 'tplname' parameter allows attackers to exploit the vulnerability to obtain sensitive database...
WordPress Double-Opt-in-for-Download Plugin SQL Injection Vulnerability
WordPress is a suite of blogging platforms developed using the PHP language by the WordPress Software Foundation. Double-Opt-in-for-Download is one of the plugins used to build email lists and enhance customer outreach. A SQL injection vulnerability exists in the WordPress Double-Opt-in-for-Downlo...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
An SQL injection vulnerability exists in the orion.extfeedbackform Bitrix module. Due to insufficient filtering of input passed to the "/bitrix/admin/orion.extfeedbackformefbfforms.php" script via the "order" and "by" HTTP GET parameters, an attacker can exploit the vulnerability to execute SQL...
SQL Injection, Arbitrary File Upload Vulnerability in Panavision Standard Edition e-office
Panmicro Office e-office Standard Edition is a work platform for small businesses or teams. SQL injection and arbitrary file upload vulnerabilities exist in Panmicro Standard Edition e-office, allowing attackers to exploit the vulnerabilities to obtain sensitive database information, upload...
Chengdu Xichen Software Co., Ltd. e-Government System SQL Injection Vulnerability
Chongqing General e-Government System is an e-government software developed by Chengdu Xichen Software Co. Chongqing Municipal General e-Government System suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information in the database...
phpRechnung SQL Injection Vulnerability
phpRechnung is a web-based accounting software. A SQL injection vulnerability exists in the list.php script in versions prior to phpRechnung 1.6.5. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
ICZ MATCHA INVOICE SQL Injection Vulnerability
ICZ MATCHA INVOICE is a Web-based billing management software from ICZ Japan. A SQL injection vulnerability exists in ICZ MATCHA INVOICE 2.5.6 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Multiple Vulnerabilities in the Latest Version of ThinkSAAS
ThinkSAAS is a lightweight open source community system that can be used to build discussion groups, BBS and community circles. The latest version of ThinkSAAS contains multiple SQL injection, arbitrary file inclusion and arbitrary file deletion vulnerabilities. Attackers can u...
Qibo Video System SQL Injection Vulnerability
Qibo Video System supports fully static pages and custom static page URL rules, and the system can be copied into multiple subsystems in the backend. A SQL injection vulnerability exists in Qibo Video System in 'video/member/special.php', where $TBpre is not initialized, due to the existence of pseudo-global...
SQL injection vulnerability in namevalue parameter of travel e-commerce platform belonging to Shenzhen Dingyou.
The tourism e-commerce platform is a platform for a business system that uses electronic means to operate the tourism industry and its distribution system, with the network as its main body and a tourism information base and an electronic business bank as its foundation. SQL injection vulnerability exists in t...
SQL injection vulnerability in FrameSelect.aspx page Type parameter of Nanjing Jenohan Software Periodicals and Magazines System.
Nanjing Jenohan Software Technology Co., Ltd. develops hospital full cost accounting decision support software systems, hospital performance management information systems and hospital customer management information systems. There exists a second SQL injection vulnerability in...