SQL injection vulnerability in the cookie user parameters of the Xionghai CMS system
Xionghai CMS is an integrated website management system developed by Xionghai that can be widely used for personal blogs, personal websites and corporate websites. Applicable to personal blogs, personal websites, corporate websites and other various purposes, the front end of the computer, mobile t...
SQL injection vulnerability in the order parameter of the NiuShop open source mall system
The NiuShop open source mall system is a PHP open source e-commerce system independently designed, researched and developed by Shanxi Niu Cool Information Technology Co., Ltd. A SQL injection vulnerability exists in the order parameter of the NiuShop open source mall system. The vulnerability due ...
SQL injection vulnerability in the create_share.php page of TreeHole's external link system
The TreeHole external link system is a free and open source PHP external-link network disk system that supports three storage methods (Qiniu, local and remote) and multiple users. A SQL injection vulnerability exists in the TreeHole create_share.php page because the program fails to filter...
SQL injection vulnerability in the id parameter of the XYCMS hf_book.php page
The PHP version of XYCMS was formerly known as Nanjing XYCMS Enterprise Building System. A SQL injection vulnerability exists in the id parameter of the XYCMS background hf_book.php page; attackers can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in Topic Parameter of Zaoyang City Shanshui Digital Studio's Website Building System
The Zaoyang Shanshui Digital Studio website building system is a website building system. A SQL injection vulnerability exists in the topic parameter of the Zaoyang City Shanshui Digital Studio website building system, allowing attackers to exploit the vulnerability to obtain sensitive information from...
Zendo Project Management Software Open Source 9.1.1 SQL Injection Vulnerability
Zendo is an open source project management software. A SQL injection vulnerability exists in the module\block\control.php page of Zendo Project Management Software Open Source 9.1.1 due to the lack of filtering of the 'main' parameter, allowing attackers to exploit the vulnerability to obtain sensitive...
SQL injection vulnerability in the adver_name parameter of the Uc365 website category navigation system
The Uc365 website category navigation system is a cross-platform, open source website classification and catalog management system built on PHP and MySQL. In the Uc365 website category navigation system adver_name parameter there is a SQL injectio...
SQL injection vulnerability in the JTBCcms 'uu_upload_file' function
JTBC is an open source and free cross-platform web content management system solution. A SQL injection vulnerability exists in the JTBCcms 'uu_upload_file' function. The vulnerability is caused by the failure to effectively filter the parameters used in the user upload file; an attacker can exploit the...
SQL injection vulnerability in the parent parameter of KenCMS V1.0 Enterprise Membership Full Version
KenCMS is a content management system. A SQL injection vulnerability exists in KenCMS V1.0 Enterprise Membership Full Version. The "parent" parameter is not properly filtered, which allows attackers to exploit the vulnerability to obtain sensitive information from the database...
WordPress Spider Event Calendar Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports building personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Spider Event Calendar plugin version 1.5.51, which can be exploited by...
Joomla com_virtuemart plugin 'id' parameter SQL injection vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the mainproduct parameter of the Joomla comproduct component. An attacker can exploit the vulnerability to access or modify database data...
Cybozu Garoon SQL Injection Vulnerability (CNVD-2017-02504)
Cybozu Garoon is a portal OA office system. A SQL injection vulnerability exists in Cybozu Garoon, which allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
Joomla MultiTier Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla MultiTier component. An attacker can exploit the vulnerability to access or modify database data...
Joomla com_dcrc component 'pid' parameter SQL injection vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'pid' parameter of the Joomla com_dcrc component. An attacker can exploit the vulnerability to access or modify database data...
CVE-2017-5879
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as selectloadfile. The vulnerability...
Serendipity include/functions_entries.inc.php SQL Injection Vulnerability
Serendipity is a web application. Serendipity include/functions_entries.inc.php suffers from a SQL injection vulnerability that allows remote attackers to manipulate or obtain database data by submitting specially crafted SQL queries...
SQL injection
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...
GeniXCMS SQL Injection Vulnerability
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) that provides modules for user management, content management and menu management. A SQL injection vulnerability exists in the GeniXCMS author.control.php type parameter. A remote attacker can use the type parameter t...
SQL Injection Vulnerability in Shen Yue Software Provident Fund System
Shen Yue Software is a company that provides housing fund management software. A SQL injection vulnerability exists in Shen Yue Software's provident fund system. An attacker can exploit the vulnerability to obtain sensitive information from the database...