EUVD-2018-21873

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

CVE-2019-25482 Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...

CVE-2026-1481 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigverauto.aspx', could allow an attacker to...

EUVD-2020-20578

Malware in sbrugna...

Multiple vulnerabilities in phpUploader

Overview phpUploader provided by Dojin Club MICMNIS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24435 SQL Injection CWE-89 - CVE-2022-23986 Toyama Taku reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...

jeecg SQL注入漏洞

Jeecg-Boot is a code generator-based intelligent development platform. jeecg-boot CMS version 2.3 of /jeecg boot/sys/dict/loadtreedata is vulnerable to SQL injection, which can be exploited by attackers to access sensitive database information...

SQL Injection Vulnerability in SiteServer CMS of Beijing Baiyong Qianwei Software Technology Development Co.

SiteServer CMS is a CMS content management system. A SQL injection vulnerability exists in SiteServer CMS of Beijing Baiyongqianwu Software Technology Development Co., Ltd, which can be exploited by attackers to obtain sensitive information from the database...

SQL injection vulnerability in Shanghai Zhihu Information Technology website construction page ca***_de***.

Shanghai Zhihu Information Technology Co., Ltd. precipitated 5 years, each industry comprehensive business scenarios, combined with the ability of technological innovation, to provide social e-commerce, home furnishing industry, tourism and travel and other areas of the solution. Shanghai Zhihu...

SQL Injection Vulnerability in the Construction System of Beijing Bolehoo Technology Co.

Ltd. is a website construction company integrating planning, design, production and technology development. There is a SQL injection vulnerability in the construction system of Beijing Bleihoo Technology Co., Ltd, which can be exploited by attackers to obtain sensitive information from the databa...

Hubei Yibaitian Network Media Co., Ltd. website builder system has SQL injection vulnerability

YBTS Network Media operates computer software and hardware R&D business and Internet data business in Shanghai Telecom's Caobao Road/Wai Gao Qiao/Wusheng Road and other national server rooms. Hubei YBTS Network Media Co., Ltd. website building system has SQL injection vulnerability, attackers can...

SQL Injection Vulnerability in co***_ru***.php of Acme CMS Backend

Acme CMS is a full-featured, PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction CMS building system. There is a SQL injection vulnerability in the backend coru.php of Acme CMS, which can be exploited by attackers to obtain sensitive database...

SQL injection vulnerability in YUNUCMS Ma***.php file (CNVD-2018-21954)

YUNUCMS Enterprise Website Management System YUNUCMS is a professional marketing enterprise building system based on PHP + MYSQL as the core development. A SQL injection vulnerability exists in the YUNUCMS Ma.php file. An attacker can exploit this vulnerability to obtain sensitive database...

SQL Injection Vulnerability in ShopsN v2.0 Frontend OrderGroupController.class.php File

ShopsN is a free e-commerce open source system. ShopsN v2.0 official version of the front-end OrderGroupController.class.php file SQL injection vulnerability. The vulnerability is due to the system failing to effectively filter user-submitted data. An attacker can exploit this vulnerability to...

SQL injection vulnerability in BlogManage/Video/MyVideo.aspx page of Shanghai Hongyu Information Technology Co.

ECS ECS education site system is a general-purpose CMS program developed by Shanghai Hongyu Information Technology Co., Ltd. for schools, education and other site-building system. ECS BlogManage/Video/MyVideo.aspx page has a SQL injection vulnerability, which can be exploited to obtain sensitive...

SQL Injection Vulnerability in the Goodsid Parameter in the Add.aspx Page of the Office Automation System of Shanghai Shuang Yang Computer Hi-Tech Development Co.

Shanghai Shuang Yang Computer Hi-Tech Development Company Shuang Yang for short is a high-tech enterprise mainly engaged in application software development and system integration. The product /DSOATY/goods/GoodsAdd.aspx?goodsid=1&flag=2 at the existence of SQL injection vulnerability, the...

Multiple Vulnerabilities in GCMS 2005 of Beijing Guangdu Qimin Information Technology Co.

Ltd. Speed Sword 2005 GCMS is a portal creation and management system that integrates content management system, multi-site management and page display. SQL injection and cross-site scripting vulnerabilities exist in GCMS. An attacker can exploit the vulnerabilities to obtain sensitive database...