Siemens XHQ SQL Injection Vulnerability
Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
SQL Injection Vulnerability in the Comprehensive Management Platform of Beijing Zhongcheng Kexin Technology Development Co. Ltd (CNVD-2020-70798)
Beijing Zhongcheng Kexin Technology Development Co., Ltd. is a service provider covering the whole travel industry chain. A SQL injection vulnerability exists in the integrated management platform of Beijing Zhongcheng Kexin Technology Development Co. An attacker can exploit this vulnerability to obtain...
SQL Injection Vulnerability in the Comprehensive Management Platform of Beijing Zhongcheng Kexin Technology Development Co. Ltd (CNVD-2020-70797)
Beijing Zhongcheng Kexin Technology Development Co., Ltd. is a service provider covering the whole travel industry chain. A SQL injection vulnerability exists in the integrated management platform of Beijing Zhongcheng Kexin Technology Development Co. An attacker can exploit this vulnerability to obtain...
Online Doctor Appointment Booking System SQL Injection Vulnerability
Online Doctor Appointment Booking System is a web-based online appointment booking system from PHP Scripts Mall, India. Online Doctor Appointment Booking System suffers from a SQL injection vulnerability that originates from a SQL injection vulnerability in the getuser.php...
CVE-2020-29284
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...
Vulnerabilities fixed in Joomla!
Vulnerabilities have been fixed in Joomla! The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), security measure circumvention, SQL injection, accessing sensitive data, accessing system data. Joomla! provides...
Resourcexpress Meeting Monitor SQL Injection Vulnerability
Resourcexpress Meeting Monitor is a meeting booking software from Resourcexpress UK. It centralizes the management of meeting room screens and desk booking equipment to support rational meeting booking. A SQL injection vulnerability exists in Resourcexpress Meeting Monitor version 4.9, which stem...
SQL injection vulnerability in the background lo***.php page of Shield Spirit merchandise promotion system
The Shield Spirit commodity promotion system can be used with multiple types of public number: personal or business subscription numbers and service numbers can all be used, and it is easy to connect to all kinds of public number, through the relevant interfaces of the WeChat public number configured to come into effe...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend he***.php Page
The Shield Spirit commodity promotion system can be used with multiple types of public number: personal or business subscription numbers and service numbers can all be used, and it is easy to connect to all kinds of public number, through the relevant interfaces of the WeChat public number configured to come into effe...
SQL injection vulnerability in ad***.cl***.php file in the backend of MTCEO repository system
The MTCEO library system uses PHP + MySQL, is built on ThinkPHP, and takes the Baidu library template style as its basic style. A SQL injection vulnerability exists in the ad.cl.php file in the backend of the MTCEO library system. Attackers can use the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in UFIDA GRP-U8 Higher Education Internal Control Management Software of Beijing UFIDA Administrative Software Co.
Beijing UFIDA Government Software Co., Ltd. was jointly established by UFIDA Group and the Institute of Fiscal Science of the Ministry of Finance, and is an all-around business management informatization solution provider for government departments, institutions and non-profit organizations. A SQ...
SQL Injection Vulnerability in BlueCMS v1.6
BlueCMS is a free, professional local portal system built on the open-source PHP + MySQL combination, focusing on local portal CMS. BlueCMS v1.6 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Nagios XI 'Manage Users' SQL Injection Vulnerability
Nagios XI is an IT infrastructure monitoring solution. The solution supports monitoring and alerting of applications, services, operating systems and more. A SQL injection vulnerability exists in Nagios XI 'Manage Users'. An attacker can exploit this vulnerability to execute illegal SQL commands...
Vulnerability fixed in Nexpose
A vulnerability has been fixed in Nexpose. The vulnerability allows an authenticated malicious party to perform a SQL injection and thereby obtain sensitive data. Rapid7 has released updates to fix the vulnerability. More information can be found on the page below:...
SQL Injection Vulnerability in Shield Spirit Original Article Submission System 1.0
Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in ZZCMS2020 Backend (CNVD-2020-59409)
ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...
vulhub1
It is an offensive tool for web application vulnerability training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Git, InfluxDB, and more. The vulnerability class/vector is no...
SQL Injection Vulnerability in Pinecone Enterprise Website System
Pinecone enterprise website system is ASP enterprise website source code, developed with ASP + Access, that supports both mobile and PC clients. Pinecone enterprise website system has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive...
SQL Injection Vulnerability in the Management Platform of Internet Service Establishments of Harbin Zhonglong Baiying Technology Development Co.
Harbin Zhonglong Baiying Technology Development Co., Ltd. was founded on May 29, 2013, mainly engaged in computer hardware and software, office automation equipment, security equipment and so on. Harbin Zhonglong Baiying Technology Development Co., Ltd. has a SQL injection vulnerability in the...