2784 matches found
PT-2020-17197 · Cyberoam · Cyberoamos
Name of the Vulnerable Software and Affected Versions: Cyberoam OS versions prior to 2020-12-04 Description: An SQL injection vulnerability in the WebAdmin of Cyberoam OS allows unauthenticated attackers to execute arbitrary SQL statements remotely. Recommendations: For versions prior to...
Siemens XHQ SQL Injection Vulnerability
Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...
ZXELINK ZXV10 W908 SQL Injection Vulnerability
The ZXV10 W908 is a wireless access controller from ZXELINK. A SQL injection vulnerability exists in versions prior to ZXELINK ZXV10 W908 MIPSA1022IPV6R3T6P7Y20. The vulnerability stems from the device failing to properly filter parameters. An attacker can exploit the vulnerability by sending...
Diveshlunker Bloodx SQL Injection Vulnerability
Diveshlunker Bloodx is a PHP-based website builder for blood bank management by the individual developer Diveshlunker. BloodX version 1.0 suffers from a SQL injection vulnerability that can be exploited by attackers to bypass authentication...
SQL Injection Vulnerability in Bo Yun CD-ROM System of Hangzhou Maida Electronics Co.
Hangzhou Maida Electronics Co., Ltd. provides professional library systems, including search, storage, access and other functions; its customers include major domestic universities and provincial and municipal libraries. A SQL injection vulnerability exists in Bo Yun CD-ROM system of Hangzhou...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
Hibernate ORM vulnerable to SQL injection
Overview: Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured with hibernate.use_sql_comments set to true (it is false by default) to add comments to generated SQL statements for debugging purposes. When hibernate.use_sql_comments is configured to true, malicious input may produc...
VMware SD-WAN Orchestrator SQL Injection Vulnerability
VMware SD-WAN Orchestrator is software from VMware that orchestrates network data flows in a software-defined network architecture. The software provides Web pages to visualize and manage users, gateways, and authentication. An SQL injection vulnerability exists in VMware SD-WAN...
Sourcecodester SourceCodester Water Billing System SQL Injection Vulnerability
SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...
fastadmin SQL Injection Vulnerability
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin-tp6 v1.0, which originates in the app management controller Ajax.php file, where the passed table parameters are not filtered. An attacker can exploit this...
SQL Injection Vulnerability in Shield Spirit Voting Voter System for Front-end User Modification Data
Shield Spirit Voting Powder Sucking System works with WeChat official accounts: it collects the vote numbers that users send through the official account's message interface to register votes, provides an anti-vote-brushing function, and also efficiently attracts active followers...
SQL Injection Vulnerability in waychar enrollment system VER 0.30
Waychar Registration System is a free race registration system. A SQL injection vulnerability exists in waychar registration system VER 0.30, which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in DSS Safe City System of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IoT solution provider and operation service provider, providing end-to-end video surveillance solutions, systems and services for city operations and more. A SQL injection vulnerability exists in the DSS Safe Ci...
DEDECMSV6 backend di***_li***.php file has SQL injection vulnerability
DedeCMSV6 is developed on PHP 7.x, is scalable and fully open source. A SQL injection vulnerability exists in the DEDECMSV6 backend di***_li***.php file. An attacker can exploit this vulnerability to obtain sensitive information from the database...
Shanghai Yongxi Information Technology Co., Ltd. website building system has SQL injection vulnerability
Shanghai Yongxi Information Technology Co., Ltd. is a creative team dedicated to the fusion of technology and business, providing differentiated services and solutions that benefit our customers. Shanghai Yongxi Information Technology Co., Ltd. website builder system has a SQL injection...
SQL Injection Vulnerability in Situo Travel CMS Website Construction System of Sichuan Situo Smart Travel Software Co.
SituTravel CMS Website Builder is a self-developed website management system suitable for building travel websites. The SITO Travel CMS website builder system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Shield Spirit Voting Sucking System
Shield Spirit Voting Powder Sucking System works with WeChat official accounts: it collects the vote numbers that users send through the official account's message interface to register votes, provides an anti-vote-brushing function, and also efficiently attracts active followers...
SQL Injection Vulnerability in SETA Management System
The SETA Management System is software that assists instructors in their teaching duties and helps students participate in courses online, while supporting access to parts of the content by students not in the course and course management by administrators. The SETA Management System suffers from...
SQL Injection Vulnerability in Shield Spirit Voting Sucker System (CNVD-2020-62877)
Shield Spirit Voting Powder Sucking System works with WeChat official accounts: it collects the vote numbers that users send through the official account's message interface to register votes, provides an anti-vote-brushing function, and also efficiently attracts active followers...
SQL Injection Vulnerability in Shield Spirit Voting Sucker System (CNVD-2020-62840)
Shield Spirit Voting Powder Sucking System works with WeChat official accounts: it collects the vote numbers that users send through the official account's message interface to register votes, provides an anti-vote-brushing function, and also efficiently attracts active followers...