48 matches found
CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...
EUVD-2018-21859
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...
CVE-2019-25703
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL...
CVE-2025-34245
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
EUVD-2017-2574
Malware in sbrugna...
CVE-2019-0179
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2024-52905
IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0–6.1.2.6 and 6.2.0.0–6.2.0.3 are affected by an information disclosure vulnerability (CVE-2024-52905) that can disclose sensitive database information to a privileged user. The CVSSv3.1 base score is 2.7 (LOW) with network attack vector...
IBM Db2 Information Disclosure Vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system runs on UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an information disclosure vulnerability that originates when ADMINCMD is used in conjunction with IMPORT o...
Tencent TDSQL Security Vulnerability
Tencent TDSQL is a distributed database from the Chinese company Tencent. An unspecified vulnerability exists in Tencent TDSQL, which can be exploited by an attacker to discover database information...
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information...
Authenticated SQL Injection in OpenSIS Classic v9.0 and earlier
Description: SQL injection in OpenSIS Classic v9.0 and earlier allows remote authenticated attackers to execute SQL code via the id parameter in MassScheduleModal.php leading to full database information disclosure. Version: At the time of reporting, the most up-to-date version of the master branch...
IBM DB2 Authorization Issue Vulnerability
IBM DB2 is a relational database management system from the U.S. company IBM. An information disclosure vulnerability in IBM Db2 can be exploited by attackers to obtain sensitive information...
Wuzhi WUZHI CMS SQL Injection Vulnerability
WUZHI CMS is a high-performance open source content management system that supports the LNAMP architecture and is suitable for portals, corporate websites, mobile sites, and microblogging promotion. In WUZHI CMS 4.1.0, the checktitle function in /coreframe/app/content/admin/content.php...
SQL injection
Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure...
SQL Injection Vulnerability in DSS Safe City System of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IoT solution provider and operation service provider, providing end-to-end video surveillance solutions, systems and services for city operations and more. A SQL injection vulnerability exists in the DSS Safe Ci...
SQL injection vulnerability in the frontend of the Ship 100 virtual goods auto-shipment system
Shipping 100 Virtual Goods Autoship System is a virtual goods automatic shipment and pay-to-read article system. A SQL injection vulnerability exists in its frontend, which an attacker can exploit to obtain sensitive database information...
CVE-2012-6079
CVE-2012-6079 affects the WordPress plugin W3 Total Cache prior to version 0.9.2.5. The described issue allows an attacker to retrieve sensitive cached database information by guessing or accessing hash keys, effectively disclosing data from the cache layer remotely. This vulnerability is documen...
SQL injection vulnerability in seacms backend ad***_co***.php page (CNVD-2019-41066)
seacms (Ocean CMS) is a video-on-demand management system based on PHP and MySQL. There is a SQL injection vulnerability in the adco.php page in the seacms backend. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in the Frontend of Laboratory Integrated Management System of Hunan Santang Information Technology Co.
Hunan Suntang Information Technology Co., Ltd. takes its IT operation and maintenance integration platform and IT operation and maintenance service sharing platform as its core, and builds an "Internet of Things"-type integrated IT operation and maintenance platform with the business system supplemente...
SQL Injection Vulnerability in Medical Online Exam System aj***.ashx Page of Nanjing Pinde Technology Co.
The Nanjing Pintech medical online examination system lets users organize and manage online examinations. A SQL injection vulnerability exists in the aj.ashx page of the medical online examination system of Nanjing Pinde Technology Limited Liability Company, which can b...