Generalized SQL Injection Vulnerability in VNet Series WEB Management System of Guangzhou Zhonghaida Satellite Navigation Technology Co.

COSHIDA VNet6 Professional Reference Station Receiver is one of COSHIDA's new VNet series of measurement systems, and it is also a professional reference station receiver specially designed for reference station applications. A generic SQL injection vulnerability exists in the pid parameter of th...

SQL Injection Vulnerability in Hangzhou VuLi Information Collection, Editing and Distribution System

The information collection, editing and dissemination system is a system for strengthening internal management and performance target assessment, improving work efficiency, and collecting information. A SQL injection vulnerability exists in the cataname parameter of Hangzhou VuLi Information...

SQL Injection Vulnerability in cms Collaborative Content Management System of Beijing Hezheng Software Co.

Beijing Hezheng Software Co., Ltd. is a company that provides Internet/Intranet-based management and application software solutions for the fields of enterprise informatization, network media and e-government. A SQL injection vulnerability exists in the cms collaborative content management system...

SQL Injection Vulnerability in Core Business System of BaoLin Financial Technology Intermediary

Guangdong Bao Lian Financial Technology Co., Ltd. is an application software system integrator and it application platform operator dedicated to the informatization of the insurance industry. The intermediary core business system is one of the application systems of the company. A SQL injection...

sysPass 'getAccounts' Parameter SQL Injection Vulnerability

sysPass is a PHP-based Web password manager. A SQL injection vulnerability exists in sysPass 1.0.9 and earlier versions, which stems from the ajax/ajaxsearch.php script not adequately filtering the 'search' parameter. A remote attacker can exploit this vulnerability to execute arbitrary SQL...

Multiple SQL Injection Vulnerabilities in Beijing Jinhe C6 Collaborative Management Platform

Jinhe OA is developed with asp.net and sqlserver technology and is used by many users. There are multiple SQL injection vulnerabilities in the OA system. However, these injections need to log in to the system to be able to use the OA system for sql filtering, but the filtering is not strict enoug...

SQL Injection Vulnerability in Bayesian Public Opinion Monitoring System

The Public Opinion Monitoring System is a product of Bayesian Beijing Information Consulting Co., Ltd. which is a market and Internet information research organization. A SQL injection vulnerability exists in the Bayesian Public Opinion Monitoring System. The vulnerability allows attackers to...

Joomla! J2Store Extension SQL Injection Vulnerability

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds , site search and other features . J2Store comj2store is one of the increase in the basic storage capabilities of the extension . A SQL injection vulnerability...

SQL Injection Vulnerability in Microservices Intelligent Platform of Yue Liang Legendary Technology Co.

The main business of EVERLIGHT LEGEND TECHNOLOGY CO., LTD. is industry application software, and the main customers are telecommunication operators, electric power and aviation. WeChat Service Intelligent Platform is one of the operating platforms of Yue Liang Legend Technology Co. A SQL injectio...

Fiyo CMS SQL Injection Vulnerability

Fiyo CMS is a content management system CMS for creating CMS templates. A SQL injection vulnerability exists in Fiyo CMS that stems from the program failing to adequately filter user-submitted input before constructing SQL query statements. An attacker could use this vulnerability to compromise t...

Pimcore CMS 'filter' Parameter SQL Injection Vulnerability

Pimcore CMS is a software developer pimcore developed a set of open source for the creation and management of Web applications content management system CMS. A SQL injection vulnerability exists in the Pimcore CMS 'filter' parameter. The vulnerability stems from the program's failure to adequatel...

UBUNTU-CVE-2015-4634

SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the localgraphid parameter...

Welcart vulnerable to SQL injection

Overview Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a SQL injection CWE-89 vulnerability due to the processing of changeSort parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

Thetis vulnerable to SQL injection

Overview Thetis provided by Sysphonic Co., Ltd. is an open source groupware and SNS. Thetis contains a SQL injection CWE-89 vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attack...

SQL Injection Vulnerability in Zhixiang OA Office System/mainpage/msg.aspx?user=parameters

Zhixiang OA office system is an enterprise office system. A SQL injection vulnerability exists in the OpenWindows/OpenleibiezlMc.aspx?id= parameter of the Zhixiang OA Office System, which can be exploited by an attacker to obtain sensitive information from the database...

SQL Injection Vulnerability in Panmicro E-office /E-mobile/flownext_page.php Parameters

Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/flownextpage.php parameter, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in Panmicro E-office /E-mobile/flowimage_page.php Parameters

Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/flowimagepage.php parameter, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in Panmicro E-office /E-mobile/flow/flowhave_page.php Parameters

Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/flow/flowhavepage.php parameter, which can be exploited by an attacker to obtain sensitive information from the database...

Milw0rm Clone Script 'admin/login.php' SQL Injection Vulnerability

Milw0rm Clone Script is a Milw0rm clone script. Milw0rm Clone Script 'admin/login.php' fails to properly filter user-supplied input and is vulnerable to multiple SQL injection vulnerabilities. This allows attackers to compromise the application, access or modify data, or exploit potential...

SQL Injection Vulnerability in the Page Parameters of Nanjing Jenohan Journal Submission System

Nanjing Jenohan Software Technology Co., Ltd. is for the development of hospital full cost accounting decision support software system, hospital performance management information system and hospital customer management information system. SQL injection vulnerability exists in the page parameter ...