1149 matches found
MGASA-2019-0357 Updated phpmyadmin packages fix security vulnerability
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature (CVE-2019-18622)...
SQL Injection Vulnerability in RGcms Backend
RGcms is an open source building management system written in the PHP language; the system features free, extended, extremely fast security, free and open source. The RGcms backend has a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive database information...
CVE-2019-6658
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack...
Command injection
A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...
PT-2019-17485 · Youphptube · Youphptube
Name of the Vulnerable Software and Affected Versions: YouPHPTube version 7.6 Description: An exploitable SQL injection issue exists in the authenticated portion of the software. Specially crafted web requests can cause SQL injections, potentially allowing exfiltration of the database and user...
WordPress awesome-filterable-portfolio plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. awesome-filterable-portfolio is a plugin that supports the creation, management and publishing of personal portfolios. A SQL injection...
SQL Injection Vulnerability in Guangzhou Yuege Network Technology Co.
Guangzhou Yuege Network Technology Co., Ltd. is focused on the development of website construction and services for various small and medium-sized enterprises. There is a SQL injection vulnerability in the website building system of Guangzhou Yuege Network Technology Co. Attackers can use the...
CVE-2019-17318
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmseInbox module by a Regular user...
S-CMS php version enterprise website builder system v3.0 backend aj***.php C**_1y*** parameter SQL injection vulnerability
S-CMS enterprise website building system is a product developed by Zibo Shining Network Technology Co., Ltd. as a specialized website building solution for enterprises. In the S-CMS php version enterprise website building system v3.0, the backend aj.php C1y parameter has a SQL injection...
PT-2019-16927 · Ibm · Ibm Sterling File Gateway
Name of the Vulnerable Software and Affected Versions: IBM Sterling File Gateway versions 2.2.0.0 through 6.0.1.0 Description: The issue allows a remote attacker to send specially-crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end databas...
Security Update for .NET Core SDK (Sep 2019)
The Microsoft .NET Core SDK installation on the remote host is version 2.1.x 2.1.509, or 2.1.606 or 2.1.802, 2.2.x 2.2.109 or 2.2.206 or 2.2.302. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability when .Net Core improperly handles web requests. An...
SQL Injection Vulnerability in MayiCMS
MayiCMS is a classified information system. MayiCMS suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain sensitive information from the database...
CVE-2019-13447
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection...
DEBIAN-CVE-2019-1010017
libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting Vulnerability
Exploit for asp platform in category web applications Exploit Title: Stored Cross Site Scripting XSS in Sitecore 9.0 rev 171002 Exploit Author: Owais Mehtab Vendor Homepage: http://www.sitecore.net/en Version: 9.0 rev. 171002 Tested on: Sitecore Experience Platform 8.1 Update-3 i.e.; 8.1 rev...
OLX: SQL Injection on https://www.olx.co.id
I found the SQL Injection on the website https://www.olx.co.id Affected URL: https://www.olx.co.id/ajax/buybundle/getbundle/ POC: 1 In this below request I got SQL injection vulnerability in location parameter post method POST /ajax/buybundle/getbundle/ HTTP/1.1 Host: www.olx.co.id User-Agent...
SalesAgility SuiteCRM SQL Injection Vulnerability (CNVD-2019-16998)
SalesAgility SuiteCRM is a suite of enterprise-grade open source customer relationship management (CRM) software. A SQL injection vulnerability exists in SalesAgility SuiteCRM versions 7.8.x prior to 7.8.30, 7.10.x prior to 7.10.17, and 7.11.x prior to 7.11.5, which can be exploited by an attacker to execut...
SQL Injection Vulnerability in the Website Building System of Qihang Internet Information Technology Co.
Ltd. is a Tianjin website construction company as well as a Tianjin network company. There is a SQL injection vulnerability in the website building system of Tianjin Enterprise Zhicheng Technology Co. An attacker can use the vulnerability to obtain sensitive information from the database...
UBUNTU-CVE-2019-5783
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page...
Joomla! object injection attack vulnerability
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A vulnerability exists in Joomla! versions prior to 3.9.3 that can be exploited b...