zzcms SQL Injection Vulnerability (CNVD-2018-06859)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. An attacker can use the 'id' parameter in adv2.php?action=modify request to inject SQL commands and obtain passwords...

CVE-2018-8967

An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...

SQL Injection Vulnerability in ZZCMS Version 8.2

Webmaster Merchants Content Management System ZZCMS developed by the ZZCMS team, into the database optimization, content caching, AJAX and other technologies, open source, independent functional modules, to facilitate secondary development. There is a SQL injection vulnerability in ZZCMS version...

SQL Injection Vulnerability in Guangzhou Haiji Network Company's Website Building System

The main business scope of Guangzhou Haiji Network Company includes: software development OA, CRM, sales and inventory, etc., e-commerce one-stop service for website production, network promotion, website operation, etc., small integrated cabling internal LAN, etc. and IT outsourcing services...

YzmCMS SQL Injection Vulnerability

YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A SQL injection vulnerability exists in the \application\admin\controller\updateurls.class.php file in YzmCMS version 3.6. A remote attacker can exploit this vulnerability by sending a 'catids'...

Multiple SQL Injection Vulnerabilities in Saifor CVMS HUBs

Saifor CVMS HUB is a data center visual management system from the Saifor team in Spain. Multiple SQL injection vulnerabilities exist in Saifor CVMS HUB version 1.3.1. A remote attacker can exploit this vulnerability by sending multiple parameters to /cvms-hub/privado/seccionesmib/secciones.xhtml...

CVE-2017-17420

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue...

Event Manager SQL Injection Vulnerability

Event Manager is a PHP-based event management script . A SQL injection vulnerability exists in Event Manager version 1.0. A remote attacker can inject SQL commands by sending the 'id' parameter to the event.php file or the 'slug' parameter to the page.php file...

Worry-Free Shopping System ASP General Edition suffers from SQ Injection Vulnerability

Hassle-free shopping system ASP General Edition is a shopping site based on ASP/Access development of general management system set up. Worry-Free Shopping System ASP General Edition suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database...

CVE-2018-6363

SQL Injection exists in Task Rabbit Clone 1.0 via the singleblog.php id parameter...

Jiangxi Lugu Network Technology Co., Ltd. website construction system with SQL injection vulnerability

Jiangxi Six Valley Network Technology Co., Ltd. is a company that provides targeted, personalized enterprise website construction solutions. Jiangxi LiuGu Network Technology Co., Ltd. website construction system exists SQL injection vulnerability. Attackers can use the vulnerability to access or...

E.I Hi-Tech Professional Local Directory Script SQL Injection Vulnerability

E.I Hi-Tech Professional Local Directory Script is a set of PHP and MySQL based scripts for creating local directories from E.I Hi-Tech Technolgies, USA. A SQL injection vulnerability exists in version 1.0 of E.I Hi-Tech Professional Local Directory Script. A remote attacker can create a local...

SQL Injection Vulnerability in CMS of Shenzhen Aipres Technology Co.

Ltd. is engaged in website construction, enterprise application software development, enterprise network brand integration of enterprise "brand" management one-stop solution. Ltd. building CMS there are SQL injection vulnerabilities, attackers can use the vulnerability to access or modify the...

Zenario SQL Injection Vulnerability

Zenario is a web-based content management system for multilingual websites. A SQL injection vulnerability exists in Zenario versions 7.1 through 7.6. A remote attacker can exploit this vulnerability to execute malicious SQL commands with the help of the 'Name' input field in the organizer.php or...

SQL Injection Vulnerability in the Enterprise Website System of Zhongshan Tengning Network Technology Co.

Zhongshan TENNING Network Technology Co., Ltd. is a professional and technical company focusing on enterprise website construction, promotion, WeChat development, focusing on providing SMEs with the most cost-effective website building services. TENNING Network Technology Co., Ltd. corporate...

SQL Injection Vulnerability in CloudLock Win_3.1.6 Version

CloudLock is a free server security management software based on operating system kernel hardening technology, which supports cross-platform real-time, batch and remote security management of windows/linux servers. CloudLock Win3.1.6 has a SQL injection vulnerability that can be exploited by...

SQL Injection Vulnerability in DuxCms 3.0

DuxCms is a small and medium-sized website builder based on PHP+MYSQL and written in CANPHP framework. DuxCms 3.0 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

Rocket.Chat Server SQL Injection Vulnerability

Rocket.Chat Server is a Web-based open source online chat platform. A security vulnerability exists in Rocket.Chat Server 0.59 and earlier versions. An attacker can exploit the vulnerability to take control of the administrator account...

JEXTN Question And Answer extension SQL Injection Vulnerability

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other functions.JEXTN Question And Answer extension is used in one of the online question and answer plug-ins. A SQL injection vulnerability...

Razer US: SQL Injection on careers.razerzone.com within the Admin interface without any access credentials

The researcher discovered a SQL Injection vulnerability on our careers.razerzone.com host, which is used to list job openings for Razer worldwide and receive application submissions from potential hires. This vulnerability could have allowed the exfiltration of admin credentials as well as person...