Component AlphaIndex Dictionaries SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Joomla! component AlphaIndex Dictionaries. The vulnerability is caused by an attacker inserting SQL commands into the query string of a w...
SQL injection vulnerability in ShopsN open source online store full web system (CNVD-2018-21970)
The free B2C e-commerce edition of ShopsN, from Shanghai Yisu Network Technology Co., Ltd., is a full-featured open source online store system that meets enterprise-level commercial standards and allows free commercial use. The official release of ShopsN v2.3.5 contains a SQL...
CVE-2018-17283
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...
UCMS SQL Injection Vulnerability
UCMS is a content management system written in PHP. A SQL injection vulnerability exists in the install/index.php file in UCMS version 1.4.6. A remote attacker can exploit this vulnerability to execute SQL commands with the help of the 'mysqldbname' parameter...
IBM Maximo Asset Management SQL Injection Vulnerability (CNVD-2018-17089)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. An SQL injectio...
CVE-2018-15904
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008...
WordPress Plugin Chained Quiz SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Chained Quiz, which can be exploited by attackers to execute...
SQL Injection Vulnerability in Website Building System of Shanghai Bonning Network Technology Co.
Shanghai Bonning Network Technology Co., Ltd. is a company dedicated to the application and promotion of website building and e-commerce for enterprises and institutions. The company's website building system has a SQL injection vulnerability; attackers can use the...
DEBIAN-CVE-2018-12482
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues...
IBM InfoSphere Data Replication Dashboard SQL Injection Vulnerability
IBM InfoSphere Data Replication Dashboard is a data synchronization solution from IBM USA. The solution enables log-based data change capture through real-time replication and provides features such as trusted data integration and synchronization. A SQL injection vulnerability exists in IBM...
ELO ELOenterprise and ELOprofessional Access Manager Component SQL Injection Vulnerability
ELO is ELO Digital Office's document management system. ELOenterprise is its enterprise version; ELOprofessional is its professional version. Access Manager is one of the access managers. A SQL injection vulnerability exists in the HTTP GET parameter 'ticket' of the Access Manager component in EL...
CVE-2018-10197
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...
NodAPS 'search' SQL Injection Vulnerability
NodAPS is an online appointment management system available in multiple languages and is used to help users schedule appointments more efficiently. A SQL injection vulnerability exists in NodAPS 'search'. An attacker can exploit the vulnerability to gain access to sensitive database information...
Online Store System CMS SQL Injection Vulnerability
Online Store System CMS is an online management system. A SQL injection vulnerability exists in Online Store System CMS, which can be exploited by an attacker to execute arbitrary SQL commands...
CVE-2017-18288
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...
JB Tour Booking SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the U.S. JB Tour Booking is one of the scripts designed for travel agencies. A SQL injection vulnerability exists in Joomla JB Tour Booking. An attacker could use this vulnerability to corrupt the...
SQL Injection Vulnerability in Guangzhou Lianya Network Technology Co.
Guangzhou Lianya Network Technology Co., Ltd. is a technology-based network company. A SQL injection vulnerability exists in the website building system of Guangzhou Lianya Network Technology Co. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Zechat has multiple vulnerabilities
Zechat is a PHP-based online chat application script. Zechat suffers from SQL injection and cross-site request forgery vulnerabilities. An attacker can exploit the vulnerabilities to obtain sensitive information about the database; change the user's information...
SQL Injection Vulnerability at lmxcms Tags Search
Dream Cms, hereinafter referred to as "lmxcms", is a simple and practical website management system (CMS) developed by an author with the screen name "10 years". A SQL injection vulnerability exists in lmxcms Tags search. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in KuaiFanCMS V5.0
KuaiFanCMS V5.x (hereinafter referred to as KF) uses PHP5+MYSQL as the technical basis for development. KF is built with the Smarty template engine. KuaiFanCMS V5.0 has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive information from the database...