2819 matches found
SQL injection vulnerability in a_from parameter of xycms add_article.php page
XYCMS, formerly known as Nanjing XYCMS Enterprise Station Building System, is a commercial website-building system developed in ASP. XYCMS has a SQL injection vulnerability: the a_from parameter on the add_article.php page is not effectively filtered, attackers can exploit the...
Pivotal Cloud Foundry and UAA SQL Injection Vulnerabilities
Pivotal Cloud Foundry (PCF) is a product of Pivotal Software, Inc. in the United States. PCF is an open source platform-as-a-service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release...
Schneider Electric U.motion Builder track_getdata Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. No authentication is required to exploit this vulnerability. A remote code execution vulnerability exists in Schneider Electric U.motion Builder track_getdata. T...
SQL Injection Vulnerability in Name Parameter of c9cms High-end Website Building System
C9CMS is a free and open source enterprise website-building system. A SQL injection vulnerability exists in the name parameter of the c9cms high-end website building system. Attackers can use this vulnerability to obtain sensitive information in the database...
WSTMALL Mall System v1.9.2 SQL Injection Vulnerability in pkey Parameter
WSTMall is a multi-commercial O2O open source system developed by Merchant Software based on ThinkPHP; it helps businesses and individuals quickly build a community service system. The pkey parameter in WSTMALL mall system V1.9.2 has a SQL injection vulnerabilit...
Joomla Payage component 'aid' parameter SQL injection vulnerability
Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL. A SQL injection vulnerability exists in the 'aid' parameter of the Joomla Payage component, which allows an attacker to exploit the vulnerability to gain access to sensitive database information...
SQL Injection Vulnerability in Message Board Module of State Micro CMS Government Website System
SMi CMS Government Website System is a website system for governments, schools and groups. There is a SQL injection vulnerability in the message board module of SMiCMS government website system. Due to insufficient filtering of parameters, attackers can exploit the vulnerability to execute...
NetApp OnCommand Unified Manager Core Package SQL Injection Vulnerability
NetApp OnCommand Unified Manager Core Package is management software in the OnCommand series from the American company NetApp. A SQL injection vulnerability exists in NetApp OnCommand Unified Manager Core Package. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Multiple SQL Injection Vulnerabilities in Trend Micro Control Manager
Trend Micro Control Manager (TMCM) is an integrated threat detection and data protection management center software from Trend Micro. Trend Micro Control Manager suffers from multiple SQL injection vulnerabilities that stem from a failure to adequately validate SQL queries before utilizing user dat...
SQL Injection Vulnerability in J_username Parameter of Spotlight Technology Air Quality Online Monitoring System
The Air Quality Online Monitoring System is a system produced by Spotlight Technology that provides online automatic monitoring of regional air quality. A SQL injection vulnerability exists in the J_username parameter of Spotlight Technology's Air Quality Online Monitoring System, which allows...
SQL Injection Vulnerability in j_username Parameter of Campus Education Cloud Platform of Air English Classroom
The Air English Classroom Campus Education Cloud Platform is a digital English online teaching system. There is a SQL injection vulnerability in the j_username parameter of the Air English Classroom Campus Education Cloud Platform. It allows attackers to exploit the vulnerability to obtain sensiti...
SQL injection vulnerability in cid parameter of Fangfa CMS FcontentAction.class.php page
Fangfa CMS is a scalable web content management software. A SQL injection vulnerability exists in the cid parameter of the Fangfa CMS V4.0 FcontentAction.class.php page, which can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in Keyword Parameter of School Website Management System
The SchoolWise School Website Management System is a content management system for primary and secondary school websites. A SQL injection vulnerability exists in the Keyword parameter of the School Worry-Free School Website Management System. It allows attackers to exploit the vulnerability to...
WordPress HDW Player Plugin SQL Injection Vulnerability
HDW Player is an application plugin available on the official WordPress Store that provides streaming media playback services. The WordPress HDW Player plugin suffers from a SQL injection vulnerability, which attackers can exploit to read sensitive information in the database...
Social Directory Script SQL Injection Vulnerability
Social Directory Script is a website that helps users to quickly build a social directory, where they can create a list of their favorite websites and add their favorite websites to the list. Social Directory Script 2.0 suffers from SQL injection in several parameters such as search and category...
Cell Phone Remote Lighting Monitoring System SQL Injection Vulnerability in txtUsername Parameter
Mobile Remote Lighting Monitoring System is a lighting monitoring system from China Electronic Technology Group Corporation. A SQL injection vulnerability exists in the Mobile Remote Lighting Monitoring System. The lack of filtering of the 'txtUsername' parameter allows an attacker to exploit the...
ZYCHCMS 'Fieldid' Parameter Has SQL Injection Vulnerability
ZYCHCMS is an enterprise website management system. ZYCHCMS v06 Build161216 suffers from a SQL injection vulnerability. The lack of filtering of the 'Fieldid' parameter allows attackers to exploit the vulnerability to obtain sensitive information about the database...
PHPCMS 'index.php' page has SQL injection vulnerability
PHPCMS is website management software. It is built in a modular way and supports a variety of classification methods, making it easy to design, develop and maintain personalized websites. PHPCMS 'index.php' page has a SQL injection vulnerability, which can be...
Joomla Eventix Events Calendar Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla BookLibrary component. An attacker can exploit the vulnerability to access or modify database data...
Joomla J-CruiseReservation Standard Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla J-CruiseReservation Standard component. An attacker can exploit the vulnerability to access or modify database data...