SQL Injection Vulnerability in UCMS

UCMS is a simple open source content management system . UCMS version 1.4.3 SQL injection vulnerability , an attacker can exploit the vulnerability to obtain sensitive database information...

Redfan iOffice Office Software ioCtlSet.asmx suffers from SQL injection vulnerability

Redfan iOffice.net is a professional mobile OA office automation solution provider, providing mobile OA office automation system for medical, government, enterprise and military units. Red Sail iOffice.net OA Office software ioCtlSet.asmx there is a SQL injection vulnerability, the attacker can u...

ThinkPHP 5.0.10 framework filterExp function has SQL injection vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking company MVC structure of the open-source PHP framework. A SQL injection vulnerability exists in the filterExp function of ThinkPHP 5.0.10 framework. A remote attacker can exploit the vulnerability to obtain sensitive database...

SQL Injection Vulnerability in Flash cms /zj/html.asp Page

Flash Flash cms is Zibo Flash Network Technology Co., Ltd. developed a corporate website system. A SQL injection vulnerability exists in the Flash cms /zj/html.asp page. The vulnerability stems from the program's failure to effectively filter user-submitted data. An attacker can exploit the...

IBOS Enterprise Collaboration Management Software DiaryController.php page actionIndex function has SQL injection vulnerability

IBOS Enterprise Collaboration Management Software is a PHP-based collaborative office management system. An SQL injection vulnerability exists in the actionIndex function on the DiaryController.php page of IBOS Enterprise Collaboration Management Software. An attacker is allowed to exploit the...

SQL injection vulnerability in after_str parameter on JYmusic SongsController.class.php page

JYmusic is an open source cross-platform music management system. A SQL injection vulnerability exists in the afterstr parameter on the JYmusic SongsController.class.php page. A remote attacker can exploit the vulnerability to obtain sensitive database information...

Gxlcms Audiobook System v1.0 SQL Injection Vulnerability in Frontend getrecomm Function

Gxlcms audiobook system is a simple to use, provide listening to the network resource station to provide free collection nodes. A SQL injection vulnerability exists in the frontend getrecomm function in Gxlcms Audiobook System v1.0 bulid 20170714, due to the system failing to strictly filter...

YxtCMF v3.1.0 SQL Injection Vulnerability in 'ty_id' Parameter

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF v3.1.0 SQL injection vulnerability exists in the 'tyid' parameter. An attacker can exploit this vulnerability to obtain sensitive information from the databas...

SQL Injection Vulnerability in Internet Security Management System of Qingdao Hengxin Technology Development Co.

Qingdao Hengxin Technology Development Co., Ltd. is positioned as a high-tech enterprise specializing in the research and development of computer network and information security technology products. Qingdao Hengxin Technology Development Co., Ltd. Internet security management system SQL injectio...

Cisco Unified Communications Manager SQL Injection Vulnerability (CNVD-2017-27947)

Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A SQL injection vulnerability exists in Cisco Unified Communications Manager, which allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

ShopsN v2.0 frontend CartController.class.php file order_form function has SQL injection vulnerability

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co. An open source online store in line with enterprise-class commercial standards of the whole network system. In ShopsN v2.0 beta2 version of the front-end CartController.class.php in the orderform functi...

Trend Micro Control Manager SQL Injection Vulnerability (CNVD-2017-20299)

Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A SQL injection vulnerability in Trend Micro Control Manager allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

SQL injection vulnerability in show.php, view.php and a.php pages of Shenzhen Yitianlian Technology Co.

Shenzhen Yitianlian Technology Co., Ltd. is a network operator providing online marketing services for enterprises. A SQL injection vulnerability exists in the show.php, view.php, and a.php pages of the website builder system of Shenzhen Yitianlian, which can be exploited by attackers to obtain...

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System Type Parameter

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C multi-user mall system type parameter SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

SQL injection vulnerability in the bid parameter of Dongyunchuangda CMSabout.php file

Dongyun Tronda Enterprise CMS is an enterprise website building system. SQL injection vulnerability exists in the bid parameter of the CMSabout.php file, which can be exploited by an attacker to obtain sensitive information from the database...

SQL Injection Vulnerability in eml Enterprise Address Book Management System Version 4.3

EML enterprise customer relationship management system , is based on Linux open kernel and Apache based Php + Mysql intelligent B / S interactive service system . EML Enterprise Contacts Management System v4.3 version of the SQL injection vulnerability. Attackers can use this vulnerability to...

WordPress WP Statistics Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress WP Statistics plugin. An attacker can exploit the vulnerability to obta...

Xycms add_book page b_tittle parameter has SQL injection vulnerability

XYCMS was formerly known as Nanjing XYCMS Enterprise Station Building System, which is a commercial station building system based on ASP development. A SQL injection vulnerability exists in the btittle parameter of the Xycms addbook page. An attacker can exploit the vulnerability to obtain...

S-CMS V3.0 build20170601 has an arbitrary file download vulnerability

S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. S-CMS V3.0 build20170601 '/admin/download.asp' page has an arbitrary file download vulnerability, allowing attackers to exploit the vulnerability to download database information...

SQL Injection Vulnerability in Multiple Pages of Zibo Shining Network Technology Co.

Flash CMS is a flash website system developed by Zibo Flash Network Technology Co. There is a SQL injection vulnerability in the text.asp page and slideshowinfo.asp page of the flash CMS of Zibo Flash Network Technology Co. Allow attackers to exploit the vulnerability to obtain sensitive...