1308 matches found

CNVD
added 2016/11/09 12:00 a.m., 1 view

SQL injection vulnerability in semcms function.php

SemCms is an open source foreign trade enterprise website management system. A SQL injection vulnerability exists in semcms function.php: because the program does not filter user input, attackers can exploit the vulnerability by submitting malicious SQL query statements to the server to obtain sensitive databa...

7.7 AI score
Exploits 0

CNVD
added 2016/11/04 12:00 a.m., 2 views

Exponent CMS 'fileid' Parameter SQL Injection Vulnerability

Exponent CMS is a free, open source, PHP-based modular content management system (CMS) from the U.S. company OIC Group. The system supports direct in-page editing and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...

9.8 CVSS, 9.7 AI score, 0.02606 EPSS
Exploits 1, References 1

CNVD
added 2016/11/03 12:00 a.m., 1 view

SQL Injection Vulnerability in Digital China Internet Behavior Management System Announcement_starttime Parameter

Digital China Internet Behavior Management System is an Internet behavior logging system that fully owns the network behavior analysis management system, integrating hardware and software architecture, behavior analysis engine, management and control policies, analyzing network activities in real...

7.9 AI score
Exploits 0, References 1

CNVD
added 2016/10/17 12:00 a.m., 1 view

SQL Injection Vulnerability in KuaiFanCMS File /upload/kuaifan/module/xinxi/fajian.module.php

KuaiFanCMS V5.x is developed with PHP5+MYSQL as the technical base and is built with the Smarty template engine. A SQL injection vulnerability exists in the KuaiFanCMS file /upload/kuaifan/module/xinxi/fajian.module.php; an attacker can use this vulnerability to obtain sensitive database...

7.8 AI score
Exploits 0

exploitpack
added 2016/10/14 12:00 a.m., 15 views

School Full CBT 0.1 - SQL Injection

School Full CBT 0.1 - SQL Injection
Exploit Title: School Full CBT SQL Injection
Google Dork: N/A
Date: 14/10/2016
Exploit Author: lahilote
Vendor Homepage: http://www.sourcecodester.com/node/9859
Software Link...

0.2 AI score
Exploits 0

CNVD
added 2016/10/11 12:00 a.m., 1 view

SQL Injection Vulnerability in ChannelList.aspx Page of Shandong Wave Government Approval Platform

Wave Government Approval Platform is a cloud computing infrastructure platform of Shandong Wave Qilu Software Co. A SQL injection vulnerability exists in the ChannelList.aspx page of the Shandong Wave Government Approval Platform, which can be exploited by attackers to obtain sensitive database...

7.8 AI score
Exploits 0, References 1

CNVD
added 2016/09/21 12:00 a.m., 1 view

SQL Injection Vulnerability in UFIDA Financials /target/services/userInfoWeb?wsdl Page

UFIDA Financials is a financial management software. A SQL injection vulnerability exists in the UFIDA Financial System /target/services/userInfoWeb?wsdl page. An attacker can exploit the vulnerability to obtain database information...

7.9 AI score
Exploits 0, References 1

NVD
added 2016/09/07 7:28 p.m., 23 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5 CVSS, 7.5 AI score, 0.00381 EPSS
Exploits 2, References 5

OSV
added 2016/09/07 7:28 p.m., 8 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5 CVSS, 7.5 AI score
Exploits 0, References 5

UbuntuCve
added 2016/09/07 7:28 p.m., 35 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5 CVSS, 6.9 AI score, 0.00381 EPSS
Exploits 2, References 1

Prion
added 2016/09/07 7:28 p.m., 41 views

Design/Logic Flaw

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

5 CVSS, 6.8 AI score, 0.18174 EPSS
Exploits 4, References 5, Affected Software 1

Debian CVE
added 2016/09/07 7:00 p.m., 44 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5 CVSS, 7.8 AI score, 0.00381 EPSS
Exploits 2

Cvelist
added 2016/09/07 7:00 p.m., 36 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.6 AI score, 0.00381 EPSS
Exploits 2, References 5

CNVD
added 2016/08/24 12:00 a.m., 1 view

SQL Injection Vulnerability in hdcms Framework rname Parameter

HDCMS is a content management system package written in PHP. A SQL injection vulnerability exists in the rname parameter of the hdcms framework, as the program fails to adequately filter the rname parameter and only does corresponding code auditing on the source code. An attacker is allowed to...

8 AI score
Exploits 0

CNVD
added 2016/08/23 12:00 a.m., 1 view

SQL Injection Vulnerability in Doccms

Rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. Doccms SQL injection vulnerability, due...

8 AI score
Exploits 0

CNVD
added 2016/07/24 12:00 a.m., 0 views

PHPBack SQL Injection Vulnerability

PHPBack is an open source Web application feedback system. PHPBack suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obtain database data...

8.1 AI score
Exploits 0, References 1

CNVD
added 2016/07/21 12:00 a.m., 0 views

TYPO3 without PHP extension SQL injection vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. Browser - TYPO3 without PHP Browser is one of the extensions that enable browsers to develop TYPO3 without PHP code. A SQL injection vulnerability exists in TYPO3 without...

8 AI score
Exploits 0, References 1

OSV
added 2016/03/12 2:59 a.m., 2 views

CVE-2016-1562

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...

4.3 CVSS, 5.9 AI score, 0.00336 EPSS
Exploits 0, References 2

CNVD
added 2016/02/17 12:00 a.m., 1 view

webSPELL SQL Injection Vulnerability

webSPELL is a WEB-based content management program. A SQL injection vulnerability exists in webSPELL. Input passed to the "/cashbox.php" script via the "payid" HTTP POST parameter is not sufficiently filtered, allowing an attacker to query the application's database and execute arbitrary SQL...

8.4 AI score
Exploits 0, References 1

CNVD
added 2016/01/04 12:00 a.m., 1 view

Joomla! com_memorix component 'index.php' SQL Injection Vulnerability

Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in the Joomla com_memorix component 'index.php'. The vulnerability exists becau...

8 AI score
Exploits 0, References 1