764 matches found
WordPress Plugin Security Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. WordPress Squaretype has a security vulnerabili...
Kmaleon 1.1.0.205 SQL Injection
Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Date: 2021-11-05 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version...
USN-5123-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the...
Online Motorcycle (Bike) Rental System 1.0 SQL Injection
Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...
Exploit for SQL Injection in Online-Shopping-System-Advanced_Project Online-Shopping-System-Advanced
CVE-2021-41648 CVE-2021-41648 SQL Injection in online-shoppin...
Exploit for SQL Injection in Online-Shopping-System-Advanced_Project Online-Shopping-System-Advanced
CVE-2021-41649 CVE-2021-41649 SQL Injection in online-shoppin...
SourceCodester Simple Food Website SQL Injection Vulnerability
SourceCodester Simple Food Website is a CMS by SourceCodester, Inc. developed using PHP and a MySQL database. SourceCodester Basic Shopping Cart is vulnerable to SQL injection, which can be exploited by attackers to bypass authentication and become an administrator...
PT-2021-15376 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 13.1.x through 13.1.3.6; BIG-IP versions 14.1.x through 14.1.3.1; BIG-IP versions 15.1.x through 15.1.3. Description: When the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and...
CVE-2021-39378
A SQL Injection vulnerability exists in openSIS 8.0 when MySQL MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL MariaDB database through the NamesList.php str parameter...
F5 Networks BIG-IP : Advanced WAF and BIG-IP ASM MySQL database vulnerability (K36942191)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.6 / 14.1.3.1 / 15.1.3 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K36942191 advisory. - On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the...
U.S. Dept Of Defense: SQL injection located in `███` in POST param `████████`
Hey DoD security team! I was able to exploit an SQL injection in one of your domains. Description: An SQL injection was discovered in domain https://████████/██████ in the parameter ██████████. The SQL injection was located in a WHERE statement followed by an INT value. The vulnerable parameter...
Logic flaw vulnerability in PHPOK of Shenzhen Kunshuo Technology Co. Ltd (CNVD-2021-51497)
PHPOK is a popular enterprise website construction system written in PHP with a MySQL database. PHPOK of Shenzhen Kunshuo Technology Co. Ltd has a logic flaw vulnerability that can be exploited by attackers to gain control of the server...
Dream CMS suffers from SQL injection vulnerability (CNVD-2021-51284)
Dream CMS lmxcms is developed using the PHP language and a MySQL database, and adopts the mainstream MVC design model. Dream CMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Ai Qing Lemon CMS (CNVD-2021-51250)
Aizumi CMS is a PHP music website developed with PHP and MySQL. Aizumi CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Jinan Ai Cheng Network Technology Co., Ltd. iWebShop open source mall system with command execution vulnerabilities
The iWebShop open source mall system is a free, open source B2B2C single-user and multi-user mall system developed with the PHP language and a MySQL database. The iWebShop open source mall system of Jinan Ai Cheng Network Technology Co., Ltd. has a command execution vulnerability; attackers can...
Fedora: Security Advisory for cacti (FEDORA-2021-598b6d2924)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
DEBIAN-CVE-2021-29625
Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...
SKYUC video-on-demand system has SQL injection vulnerability
SKYUC video-on-demand system is a theater solution built using the PHP language and a MySQL database. SKYUC video-on-demand system suffers from a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...
Stripe: Object injection in `stripe-billing-typographic` GitHub project via /auth/login
An object injection vulnerability was discovered in the stripe-billing-typographic GitHub project, which allowed an attacker to bypass authentication and perform a SQL injection attack. The vulnerability was caused by a dependency called sqlstring, which mishandled objects in queries. The impact ...
Code Execution Vulnerability in EmpireCMS v7.5 Backend
EmpireCMS is an open source software program that runs on PHP and a MySQL database. A code execution vulnerability exists in the EmpireCMS v7.5 backend, which can be exploited by an attacker to upload Trojan horse files and execute system commands...