2820 matches found
PT-2021-2859 · Cisco · Cisco SD-WAN vManage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: The issue is related to insufficient neutralization of special elements in data requests in the web-based management interface of Cisco SD-WAN vManage Software. This...
PYSEC-2021-10
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...
Django SQL Injection Vulnerability
Django is the Django Foundation's open source Web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. An SQL injection vulnerability exists in Django Debug Toolbar, which can be exploited by an...
VulnCheck KEV: CVE-2021-27101
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...
OpenClinic GA SQL Injection Vulnerability
OpenClinic GA is an open source hospital integrated information management system. An SQL injection vulnerability exists in the code parameter in getAssets.jsp in OpenClinic GA version 5.173.3. An attacker can exploit this vulnerability by sending an HTTP request to perform a SQL injection attac...
Mainway FireEye EX SQL Injection Vulnerability
Mainway FireEye EX is an all-in-one platform for enterprise security from Mainway, a China-based company. The FireEye® Central Management Platforms CM Series are a set of management platforms that consolidate the management, reporting, and data sharing of FireEye products into a single, easily...
HPE Orchestrator SQL Injection Vulnerability
HPE Network Orchestrator uses the HPE family of storage devices to organize and monitor end-to-end, multi-protocol mesh architectures, improving their uptime, resilience and predictability. A SQL injection vulnerability exists in HPE Network Orchestrator versions prior to 2.5. The vulnerability...
WordPress Advanced Database Cleaner SQL Injection Vulnerability
WordPress Advanced Database Cleaner is an application plugin for WordPress. The plugin is used to clean up the database by removing isolated items such as old revisions and spam comments, optimizing the database, etc. A SQL injection vulnerability exists in versions of the Advanced Database Cleaner...
CVE-2021-27947
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management (issue 2 of 3)...
MyBB SQL Injection Vulnerability
MyBB is a free open source forum software. A SQL injection vulnerability exists in the Copy Forums feature of the Forum Manager in versions of MyBB prior to 1.8.26. No further vulnerability details are available at this time...
SourceCodester Courier Management System SQL Injection Vulnerability
SourceCodester Courier Management System is an application program of SourceCodester. The system provides management functions. A SQL injection vulnerability exists in Courier Management System 1.0, which originates in the MULTIPART street field...
Soar Cloud System SQL Injection Vulnerability
Soar Cloud System is an HR system solution developed by Soar. The Soar Cloud System HR portal suffers from a SQL injection vulnerability that stems from not filtering SQL injection statements, which allows a remote attacker to inject SQL syntax and obtain all data in the database without...
LibreNMS SQL Injection Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A SQL injection vulnerability exists in LibreNMS versions prior to 21.1.0, which...
Wclimb Koa2-blog SQL Injection Vulnerability
Wclimb Koa2-blog is a Node- and MySQL-based blog builder system by the individual developer Wclimb. A SQL injection vulnerability exists in koa2-blog 1.0.0, which allows remote attackers to inject malicious SQL statements into the login page via the name parameter...
CVE-2020-26712
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via the sort parameter. The application adds a user-submitted string to the database query without validating it properly, resulting in an SQL injection vulnerability where an attacker ca...
Evolucare Ecsimaging SQL Injection Vulnerability
Evolucare Ecsimaging is a mobile application for viewing medical radiology images from the French company Evolucare. A SQL injection vulnerability exists in Evolucare Ecsimaging version 6.21.5 and earlier versions in the login form and password forget form, which can be exploited to obtain data...
HGiga MailSherlock SQL Injection Vulnerability (CNVD-2021-05402)
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to inject and execute SQL commands in URL parameters...
OpenAsset Digital Asset Management SQL Injection Vulnerability
OpenAsset is a digital asset management software for the website building industry from OpenAsset UK. OpenAsset Digital Asset Management suffers from a SQL injection vulnerability that originates from a blind remote SQL injection via authentication, which can be exploited by an attacker to gain...
SQL Injection Vulnerability in JeecgBoot Frontend
JeecgBoot is a low-code BPM-based platform. A SQL injection vulnerability exists in the frontend of JeecgBoot. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in Kaixin Worklog System worklog
Kaixin Worklog system is a B/S-based software system for building a collaborative office within the enterprise. The system is developed in ASP.NET. A SQL injection vulnerability exists in the Worklog system worklog; attackers can use the vulnerability to obtain sensitive information...