2784 matches found
OpenClinic GA SQL Injection Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. An SQL injection vulnerability exists in the findSector parameter of the "Patientslist.do" page in OpenClinic GA...
OpenClinic GA SQL Injection Vulnerability
OpenClinic GA is an open source hospital integrated information management system. A SQL injection vulnerability exists in manageServiceStocks.jsp in OpenClinic GA version 5.173.3. An attacker can exploit this vulnerability through a specially crafted HTTP request to conduct a SQL injection atta...
OpenClinic GA SQL Injection Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. An SQL injection vulnerability exists in the immoBuyer parameter in listImmoLabels.jsp in OpenClinic GA version...
WordPress and Sprymedia DataTables SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. Sprymedia DataTables is a JavaScript library for converting HTML tables to dynamic tables from the UK company...
CVE-2021-30000
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution...
Rockwell Automation FactoryTalk AssetCentre SQL Injection Vulnerability
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An SQL injection vulnerability exists in Rockwell Automation FactoryTal...
CVE-2021-24141
Unvalidated input in the Advanced Database Cleaner plugin, versions before 3.0.2, leads to SQL injection allowing high privilege users (admin+) to perform SQL attacks...
Wordpress Load More SQL Injection Vulnerability
Wordpress Load More is an open source plugin for WordPress that provides a load-more-items function. An SQL injection vulnerability exists in the WordPress Load More plugin before 5.3.2; the vulnerability stems from the /wp-admin/admin-ajax.php repeater parameter or type=test parameter...
Egavilan Media Bakeshop Online Ordering System SQL Injection Vulnerability
Egavilan Media Bakeshop Online Ordering System is a JavaScript-based code repository that supports interaction with git repositories from Egavilan Media. A SQL injection vulnerability exists in Online Ordering System 1.0, which allows unauthenticated SQL injection, leading to the disclosure of...
SourceCodester Courier Management System SQL Injection Vulnerability
SourceCodester Courier Management System is an application program of SourceCodester. The system provides management functionality. An SQL injection vulnerability exists in Courier Management System 1.0, which originates in the ref no POST parameter of admin class.php...
The vulnerability of the CheckList component of the Joomla! content management system allows a hacker to execute arbitrary SQL commands.
The vulnerability of the CheckList component in the Joomla! content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
PHPGurukul Online Book Store SQL Injection Vulnerability
Online BookStore is an online bookstore program. There is a SQL injection vulnerability in Online Book Store v1.0. The vulnerability is caused by the id parameter in detail.php not filtering special characters, and an attacker can execute arbitrary SQL statements through this vulnerability...
CVE-2021-22654
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information...
Cisco SD-WAN vManage Cypher Query Language Injection (cisco-sa-vmanage-cql-inject-72EhnUc)
According to its self-reported version, Cisco SD-WAN vManage is affected by an information disclosure vulnerability due to insufficient input validation by the web-based management interface. An authenticated, remote attacker can exploit this, via crafted HTTP requests, to obtain sensitive...
CVE-2021-1282
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisc...
Cisco Data Center Network Manager SQL Injection Vulnerability
Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...
Cacti SQL Injection Vulnerability
Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. A SQL injection vulnerability exists in datadebug.php in Cacti. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the siteid...
PT-2020-17397 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phpList version 3.5.9 Description: The issue allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. Recommendations: For phpList version 3.5.9, consider restricting access to t...
Sourcecodester Online Health Care System SQL Injection Vulnerability
Sourcecodester Online Health Care System is a PHP-based website builder for online health checkups from Sourcecodester, Inc. Online Health Card System 1.0 suffers from a SQL injection vulnerability that originates from a database application that lacks validation of externally entered SQL...
PT-2020-17197 · Cyberoam · Cyberoamos
Name of the Vulnerable Software and Affected Versions: Cyberoam OS versions prior to 2020-12-04 Description: An SQL injection vulnerability in the WebAdmin of Cyberoam OS allows unauthenticated attackers to execute arbitrary SQL statements remotely. Recommendations: For versions prior to...