SQL injection vulnerability in ad***.cl***.php file in the backend of MTCEO repository system
MTCEO is a library system built with PHP + MySQL on the ThinkPHP framework, using a Baidu Library template as its base style. The ad.cl.php file in the MTCEO library system backend has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in JfinalOA
JfinalOA is an open source office OA system development framework. JfinalOA has a SQL injection vulnerability; an attacker can exploit it to obtain sensitive database information...
CVE-2020-8887
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php aka the server login page...
PT-2020-16096 · Phpgurukul · Phpgurukul Zoo Management System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 Description: The issue concerns SQL Injection via the "zms/animal-detail.php" endpoint. This allows for potential manipulation of database queries. Recommendations: For PHPGURUK...
ZZCMS 2020 Frontend SQL Injection Vulnerability
ZZCMS is a content management system for Webmaster Merchants. A SQL injection vulnerability exists in the ZZCMS 2020 frontend, which can be exploited by attackers to obtain sensitive information from the database...
GHSA-HXWC-5VW9-2W4W NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later...
Remote code execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions UDFs, written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...
CVE-2020-14068
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executarlogin.php...
PT-2020-14543 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
SQL Injection Vulnerability in the Frontend of waychar Enrollment System
Waychar Enrollment System is a PHP/MySQL based enrollment system. A SQL injection vulnerability exists in the frontend of the Waychar Enrollment System. An attacker can exploit this vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in BEESCMS Backend ad***_bo***.php Page
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the adbo.php page in the BEESCMS backend. An attacker can exploit the vulnerability to obtain sensitive database information...
SAP Master Data Governance SQL Injection Vulnerability
SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. A SQL injection vulnerability exists in SAP Master Data Governance. An attacker could exploit this vulnerability by executing specially crafted database query...
Open-AudIT Multiple Vulnerabilities
Advisory ID Internal CORE-2020-0009 1. Advisory Information Title: Open-AudIT Multiple Vulnerabilities Advisory ID: CORE-2020-0009 Advisory URL: https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities Date published: 2020-04-27 Date of last update: 2020-04-24 Vendors...
PT-2020-17812 · Unknown · Ultralog Express
Name of the Vulnerable Software and Affected Versions: UltraLog Express affected versions not specified Description: The issue concerns the UltraLog Express device management interface, which fails to properly filter user-inputted strings in specific parameters. This allows attackers to inject...
Kodak Multimedia Recording and Playback System has SQL Injection Vulnerability
Ltd. is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and video application solutions to help various government and enterprise customers to solve visual communication and management challenges. A SQL injection vulnerability exists in...
CVE-2020-10365
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...
SQL injection
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...
PT-2020-18345 · Parse · Parse Server
Name of the Vulnerable Software and Affected Versions: parse-server versions prior to 4.1.0 Description: The issue allows fetching all user objects by utilizing regex in the NoSQL query, specifically targeting the sessionToken. This can be achieved through the API endpoint "/parse/users/me" by...
Users able to query database metadata in Apache Superset
In Apache Incubator Superset before 0.31, a user could query database metadata from a database they have no access to by using a specially crafted complex query...