SQL Injection Vulnerability in NUCMS V1.1
NUCMS content management system is an open source website management system. NUCMS V1.1 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
PHP Dashboards SQL Injection Vulnerability
A SQL injection vulnerability exists in PHP Dashboards. The vulnerability is caused due to a failure to adequately filter user-supplied data before it is used in the program's SQL queries, which can be exploited by an attacker to gain access to sensitive database information...
Event Manager Admin panel - events_new.php SQL injection
Event Manager Admin panel - eventsnew.php SQL injection Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...
Dingwei iPower CMS has multiple vulnerabilities
Dingwei iPower CMS is a website system developed by Chongqing Dingwei Network Technology Co. Dingwei iPower CMS has SQL injection and XSS cross-site scripting vulnerabilities; the background management system also has user guessing, ultra-rights access and other vulnerabilities. Attackers can...
Multiple Vulnerabilities in EasyService Billing 'template_().php'
EasyService Billing is a PHP-based service-oriented consumer business management system. SQL injection and cross-site scripting vulnerabilities exist in EasyService Billing 'template.php'. The vulnerabilities can be exploited to obtain sensitive database information, execute arbitrary code in th...
NewsBee CMS 'home-text-edit.php' SQL Injection Vulnerability
NewsBee CMS is a news website CMS Content Management System. A SQL injection vulnerability exists in NewsBee CMS 'home-text-edit.php'. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in Ocean CMS
Ocean CMS seacms is a video-on-demand system designed for webmasters with different needs. Ocean CMS is vulnerable to SQL injection. An attacker can exploit the vulnerability to obtain sensitive database information...
CVE-2018-11309
Blind SQL injection in couponcode in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request...
CVE-2018-11414
An issue was discovered in BearAdmin 0.5. There is admin/adminlog/index.html?userid= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly...
E-Sic SQL Injection Vulnerability (CNVD-2018-10474)
E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit this vulnerability by sending the 'f' parameter to the esiclivre/restrito/inc/buscacep.php file to execute arbitrary SQL commands...
UBUNTU-CVE-2018-9019
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...
SAP NetWeaver suffers from unspecified SQL injection vulnerability (CNVD-2018-14849)
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. SAP NetWeaver suffers from an unspecified SQL injection vulnerability that arises from failure to adequately...
SQL Injection Vulnerability in Axublog Version 1.1.0
Axublog is a PHP personal blog system. A SQL injection vulnerability exists in Axublog version 1.1.0. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in State Micro CMS School Cluster System (College Cluster Edition)
State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. A SQL injection vulnerability exists in version V20180314 of SMiCMS School CMS College CMS. Attackers can use the vulnerability to obtain...
The vulnerability of the editPolicy.jsp script in the Email Encryption Gateway system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the editPolicy.jsp script in the Email Encryption Gateway system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the hidRuleld parameter...
SQL Injection Vulnerability in Website Construction System of Ningxia Hongfeng Network Technology Co.
Ningxia Hongfeng Network Technology Co., Ltd. is an enterprise in the Yinchuan area of Ningxia specializing in Internet services, providing enterprise website construction, personal website production, 400 telephone services, website revision, website promotion, SEO keyword optimization, e-commerce...
iScripts eSwap SQL Injection Vulnerability
iScripts eSwap is an item trading program from iScripts Inc. that supports the use of virtual currency or direct item exchange. User Panel is one of the user panels. A SQL injection vulnerability exists in...
SQL Injection Vulnerability at CMS destination
Situ CMS is a self-developed website management system suitable for tourism website construction. A SQL injection vulnerability exists in CMS destination. The vulnerability is caused due to the system failing to strictly filter user input data. An attacker can exploit this vulnerability to obtain...
Gxlcms QY Information Disclosure Vulnerability
Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Home\HitsAction.class.php file in Gxlcms QY version 1.0.0713. The vulnerability can be exploited by a remote attacker to read data from the database by injecting FROM clauses into the query...
SQL Injection Vulnerability in 08cms
08CMS Automotive Portal System is a solution for automotive portals, developed on PHP+MySQL, with super static page deployment, separation of templates and program, a scalable architecture, open code, and unlimited support for deep secondary development. A SQL injection vulnerability exists in 08cms...