2784 matches found
PHP Event Calendar SQL injection vulnerability
PHP Event Calendar is an open source AJAX-based multi-user modern event calendar. It is easy to integrate and fully customizable. PHP Event Calendar Lite Edition is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to obtain sensitive database data...
Simple Subscription Website SQL injection vulnerability
Simple Subscription Website is a web-based application. SourceCodester Simple Subscription Website 1.0 is vulnerable to SQL injection, which can be exploited by attackers to perform SQL injection via login...
Fortinet FortiWLC SQL injection vulnerability
Fortinet FortiWLC is a wireless LAN controller from Fortinet. A security vulnerability in Fortinet FortiWLC version 8.6.1 and below can be exploited by an attacker to disclose device, user, and database information via a crafted HTTP request...
PT-2021-21877 · Unknown · Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: Online Shopping Portal version 3.1 Description: A security issue exists in the Online Shopping Portal, specifically an SQL Injection flaw. This issue is present in the email parameter on the "/check availability.php" endpoint, which checks if...
CVE-2021-40843
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...
Froxlor SQL injection vulnerability
Froxlor is a lightweight server management software from the Froxlor team. A security vulnerability exists in Froxlor that allows SQL injection via custom database names in the database manager DbManagerMySQL.php. No details of the vulnerability are currently provided...
Samsung SMR SQL injection vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A SQL injection vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1. The vulnerability stems from a SQL injection vulnerability in the CMFA framework that allo...
Emerson WirelessHART Gateway SQL injection vulnerability
The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. Emerson WirelessHART Gateway suffers from a SQL injection vulnerability that originates from an input validation error when processing a directory traversal sequence. An attacker could use this vulnerability to send a...
Input validation
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
Cisco SD-WAN vManage Software Cypher Query Language Injection (cisco-sa-sd-wan-jOsuRJCc)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an...
CVE-2021-37422
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases...
Vulnerabilities fixed in Dell iDRAC
Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code under user privileges by performing an SQL Injection, Denial-of-Service (DoS) and executing arbitrary code. It is good practice not to have such an environment publicly to b...
SolarWinds Orion Platform SQL injection vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...
WMS SQL injection vulnerability
WMS is a warehouse management software. Version 1.0 of WMS has a SQL injection vulnerability: the GET parameter "id" is passed without filtering, and an attacker can use the vulnerability to obtain sensitive database information...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution, User Rights, SQL Injection, Access to...
Envoy SQL injection vulnerability
Envoy is an open source distributed proxy server. The envoyproxy envoy SQL injection vulnerability can be exploited by an attacker to cause a denial of service on the proxy...
EARCLINK ESPCMS SQL injection vulnerability
Honghu Erchuang Netlink Information Technology EARCLINK ESPCMS is an enterprise website building system from China's Honghu Erchuang Netlink Information Technology Company. A SQL injection vulnerability exists in the espcmsweb/Search.php component of EARCLINK ESPCMS-P8, which can be exploited by...
Philips Healthcare Tasy Electronic Medical Record SQL injection vulnerability
Philips Healthcare Tasy Electronic Medical Record EMR is a comprehensive healthcare informatics solution that addresses all areas of the healthcare environment, connecting the dots between clinical and non-clinical areas of the healthcare continuum. Philips Healthcare Tasy Electronic Medical Reco...
Wordpress Plugin Broken Link Manager SQL injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in Wordpress Plugin Brok...
UBUNTU-CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System OTRS Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...