ZOHO ManageEngine Netflow Analyzer SQL Injection Vulnerability

ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. A SQL injection vulnerability exists in ZOHO ManageEngine Netflow Analyzer /client/api/json/v2/nfareports/compareReport, which can be exploited by remote attackers to submit a specially crafted SQL request to...

Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services

Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers ...

SQL Injection Vulnerability in B2C_UQ Cloud Business System (CNVD-2019-18481)

UQ Cloud Business System B2C version is a compact e-commerce system, the platform is developed by PHP7.0+Mysql. B2CUQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

CVE-2019-10123

SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...

SQL Injection Vulnerability in Tpshop Us***.php Page at Member Information

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the member information of the Tpshop Us.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL injection vulnerability in Tpshop v3.5 To***.php page (CNVD-2019-17503)

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 To.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL injection vulnerability in Tpshop v3.5 Us***.php page (CNVD-2019-17500)

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 Us.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

PETRAWARE Technologies pTransformer Advanced Document Capture SQL Injection Vulnerability

PETRAWARE Technologies pTransformer Advanced Document Capture ADC is a suite of advanced document capture and categorization solutions from PETRAWARE Technologies, Malaysia. The product supports distributed document capture, automatic indexing, optical character recognition and automatic data...

ZZCMS suffers from SQL injection vulnerability

ZZCMS is a content management system CMS by the ZZCMS team in China. ZZCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in na***.php of Acme CMS Backend

Acme CMS is a full-featured, PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction CMS building system. Aike CMS background na.php SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

python-sqlalchemy: SQL Injection when the group_by parameter can be controlled

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...

Shanghai Danfan Network Technology Co., Ltd. station building system exists SQL injection vulnerability

Huaxia chemical network is by Shanghai Danfan network technology limited company founded, is for the chemical industry to provide security, high efficiency, multi-function, system supporting B2B electronic commerce platform of professional website. The Shanghai Danfan network science and technolo...

SQL Injection Vulnerability in Website Building System of Ningbo Mufeng Network Technology Co.

Ningbo Mufeng Network Technology Co., Ltd. is a website design company with the core business of website construction, website production, website development, graphic design and corporate branding in Ningbo. There is a SQL injection vulnerability in the website building system of Ningbo Mufeng...

GHSA-887W-45RQ-VXGF SQLAlchemy vulnerable to SQL Injection via order_by parameter

SQLAlchemy before 1.3.0b3 allows SQL Injection via the orderby parameter. The fix commit 30307c4 was applied only to the main branch and was never backported to the 1.2.x release line; all 1.2.x versions remain vulnerable...

SQL Injection Vulnerability in Citycom's Website Building System

Citycom Technology Inc. is a website building system. SQL injection vulnerability exists in Citycom's website builder system, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in deituiCMS fu***.php File

deituiCMS is a PHP-based open source content management system. A SQL injection vulnerability exists in the deituiCMS fu.php file, which can be exploited by attackers to obtain sensitive database information...

Joomla Component MorfeoShow SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla component MorfeoShow. The vulnerability exists because the program fails to adequately filter user-supplied data before using it in SQL queries. Allowing remote attackers to execute arbitrar...

SQL Injection Vulnerability in yxtcmf Backend

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. There is a SQL injection vulnerability in the backend of yxtcmf, which can be exploited by attackers to obtain database sensitive information...

SQL Injection Vulnerability in ECShop Full Version Backend

ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is based on PHP language and MYSQL database structure development of cross-platform open source program. ECShop full version of the back-end SQL...

SQL Injection Vulnerability in the jdo*** Component jdo*** Module of joomla!

joomla! is an open source content management system CMS. A SQL injection vulnerability exists in the jdo module of the joomla! jdo component. The vulnerability allows attackers to obtain sensitive information about the database...