9874 matches found
SQL Injection Vulnerability in Online Teaching Platform of Higher Education Publishing House
The Higher Education Publishing House Online Teaching Platform is a system that provides online teaching and learning. A SQL injection vulnerability exists in the Higher Education Publishing House Network Teaching Platform, which can be exploited by attackers to obtain sensitive information from...
Techsoft Web Solutions CMS SQL Injection Vulnerability
TECHSOFT is a WEB solution. A remote SQL injection vulnerability exists in Techsoft Web Solutions CMS. A remote attacker is able to execute malicious sql commands to connect to dbms...
Cades SQL Injection Vulnerability
Cades is an online service application. Cades has a remote SQL injection vulnerability. A remote attacker is able to execute malicious sql commands to connect to dbms...
Katello: Authenticated sql injection via sort_by and sort_order request parameter
An input sanitization flaw was found in the scoped search parameters sortby and sortorder in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database...
SQL injection vulnerability in the 'atdid' parameter of the mining system of Shenzhen JTS Communications Co.
Ltd. is a communication enterprise providing communication services and communication products. A SQL injection vulnerability exists in the program mining system of Shenzhen Jishu Communication Co. The lack of filtering of the 'atdid' parameter allows an attacker to exploit the vulnerability to...
SQL Injection Vulnerability in Human Resource Management Platform of Guangzhou Hexie Software Technology Co.
Guangzhou Hexie Software Technology Co., Ltd. is a high-tech enterprise specializing in the research and development of human resource management software. HR software is an informatization tool that can assist in managing the company's human resources. There is a SQL injection vulnerability in t...
modified eCommerce SQL Injection Vulnerability
modified eCommerce is an open source store software. Modified eCommerce suffers from a SQL injection vulnerability due to the easybillcsv.php file failing to adequately filter the 'ordersstatus' and 'customersstatus ' GET parameters, allowing remote attackers to submit specially crafted SQL queri...
WordPress Booking Calendar Contact Form Plugin SQL Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Booking Calendar Contact Form plugin suffers from a SQL injection vulnerability by adding specially crafted shortco...
Ramui Forum Script SQL Injection Vulnerability
Ramui Forum Script is free PHP forum script. Ramui Forum Script suffers from a SQL injection vulnerability due to a lack of user input restrictions in /gb/include/page.php. An attacker is able to execute unfiltered SQL requests with malicious code...
Ecava IntegraXor SQL Injection Vulnerability
Ecava IntegraXor is a set of Web-based tools for creating and running HMI Human Machine Interface interfaces for SCADA systems from Ecava Malaysia. A SQL injection vulnerability exists in Ecava IntegraXor versions prior to 5.0 build 4522. A remote attacker can exploit the vulnerability to execute...
Redaxo CMS has multiple vulnerabilities
Redaxo CMS is an open source Web portal content management system CMS. The system supports custom modules , plug-in extensions , project backup and so on. SQL injection and cross-site scripting vulnerabilities exist in Redaxo CMS , allowing attackers to exploit the vulnerabilities to execute...
Thru Managed File Transfer Portal SQL Injection Vulnerability
Thru Managed File Transfer Portal is a web-based file transfer application. A SQL injection vulnerability exists in Thru Managed File Transfer Portal version 9.0.2. The program fails to filter the values of the sortorder and letterrange attributes, allowing an attacker to inject arbitrary SQL...
Cacti SQL Injection Vulnerability (CNVD-2016-02215)
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. A SQL injection vulnerability exists in the tree.php file in Cacti 0.8.8g and earlier versions, which can be exploited by remote attackers to execute arbitrary SQL commands with the help of the...
Huawei Policy Center SQL Injection Vulnerability
Huawei Policy Center is a set of policy management center software from Huawei China. The software provides features such as visitor management and personalized customization of the Portal login interface. A SQL injection vulnerability exists in Huawei Policy Center using software versions...
Linyi Yifeng Network Technology Service Co., Ltd. website system has SQL injection vulnerabilities
Linyi Yifeng Network Technology Service Co., Ltd. is a comprehensive network technology service company integrating e-commerce service, e-commerce training and e-commerce. SQL injection vulnerability exists in the website building system of Linyi Yifeng Network Technology Service Co. Ltd. Due to...
SocialEngine SQL Injection Vulnerability
SocialEngine is a PHP-based social networking platform that allows the creation of social networks on websites. An injection vulnerability exists in SocialEngine SQL. Due to insufficient filtering of input passed to the "/index.php" script via the "orderby" HTTP GET parameter, an unauthenticated...
ProjectSend has multiple vulnerabilities
ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. ProjectSend contains authentication bypass vulnerabilities, SQL injection vulnerabilities, and arbitrary file download vulnerabilities, which can be exploited by an attacker to execute arbitrary code...
Redaxo CMS SQL Injection Vulnerability
Redaxo CMS is an open source Web portal content management system CMS. The system supports custom modules , plug-in extensions , project backup and so on. SQL injection vulnerabilities exist in Redaxo CMS. Allows attackers to exploit these vulnerabilities to steal cookie-based authentication, tak...
Osclass SQL Injection Vulnerability
OSClass is a PHP MySQL based development , used to create and manage classified ads website open source system . Osclass suffers from a SQL injection vulnerability. Because the input passed to the "/index.php" PHP script via the "itemsPerPage" HTTP GET parameter fails to filter user input, an...
EClinicalWorks Population Health Client Portal SQL Injection Vulnerability
EClinicalWorks Population Health is a suite of population health solutions from EClinicalWorks, Inc. that provides dashboard analytics, patient appointment scheduling, care planning, and a secure network for patient referrals, among other features.Client Portal is one of these portals. SQL...