Trend Micro Email Encryption Gateway SQL Injection Vulnerability (CNVD-2018-10480)

Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway TMEEG is one of the gateway products that provides data protection. A SQL injection vulnerability exists in the formRegistration2 class in Trend Mic...

WordPress SQL Injection Vulnerability (CNVD-2018-10476)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from an information disclosure vulnerability. By exploiting this vulnerability, an attacker can perform SQL...

SQL Injection Vulnerability in SMiCMS Government Website System v201803224 Version

State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. State Micro CMS government website system v201803224 version of the existence of SQL injection vulnerability , attackers can exploit the...

Zhengzhou octave network marketing system has SQL injection vulnerability

Zhengzhou Octave Networks is a technology company that specializes in providing customers with mobile Internet development, high-end website construction, brand Internet marketing and related Internet-based application services. Zhengzhou Octave Network Marketing system has a SQL injection...

SQL Injection Vulnerability in Jinbao Technology's CMS Website Building System

Shanghai Jinbao Network Technology Co., Ltd. is a set of website construction, SEO optimization, network promotion, Shanghai website production, Shanghai SEO optimization, Shanghai network optimization, and many other network services as one of the integrated service-oriented professional network...

CVE-2018-8914

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...

SQL Injection Vulnerability in YHCMS Version V2.6.5 R20160808

YHCMS is a professional marketing enterprise building system based on PHP+MYSQL as the core development. A SQL injection vulnerability exists in YHCMS version V2.6.5 R20160808. The vulnerability originates from the system's parameter filtering is not rigorous. An attacker can exploit the...

SQL Injection Vulnerability in Nagios XI 5.4.12 and Prior (CNVD-2018-09748)

Nagios is an open source, free network monitoring tool that effectively monitors the status of hosts, switches routers and other network devices, printers, etc. for Windows, Linux and Unix. Nagios XI 5.4.12 and earlier versions suffer from a SQL injection vulnerability that can be exploited by...

Stored Cross-site Scripting and SQL Injection Vulnerabilities in YXcms Backend Membership Management System

YXCMS is an efficient website management system built on PHP+MYSQL. A stored cross-site scripting and SQL injection vulnerability exists in the YXcms backend member management system. An attacker can exploit the vulnerabilities to obtain information such as database information and user cookies,...

SQL Injection Vulnerability in State Micro CMS School Crowd System

State Micro CMS formerly PHP168 S series is a leading manufacturer of domestic government, school and group platforms, and is also the largest open source system provider in the field of PHP in southern China. State Micro CMS school station group system has SQL injection vulnerability, attackers...

CVE-2018-9102

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...

SQL Injection Vulnerability in CMS of Wuhan Tengfei Liren E-commerce Co.

Wuhan Tengfei Liren E-commerce Co. A SQL injection vulnerability exists in the CMS of Wuhan Tengfei Liren E-commerce Co. An attacker can exploit this vulnerability to obtain sensitive information in the database...

CVE-2018-8820

An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xpcmdshell. In some cases, the...

PHPSHE 'userbank' Parameter SQL Injection Vulnerability

PHPSHE is an online shopping mall system. The system supports express tracking, online chat, order evaluation and statistics. A SQL injection vulnerability exists in the 'userbank' parameter in PHPSHE version 1.6. A remote attacker can exploit this vulnerability to execute SQL commands...

CVE-2018-7528

An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data...

Kentico SQL Injection Vulnerability

Kentico is the United States Kentico Software Corporation of a set of ASP.NET-based content management system CMS. The system consists of two main tools : Kentico CMS Desk is used to edit the content of the page ; Kentico CMS Controls is used to edit and control various elements of the page . An...

SQL Injection Vulnerability in iReader Digital Resources Remote Access Management System

The iReader Digital Resources Remote Access Management System is a software system specifically tailored for digital library users for patrons to remotely access the library's digital resources. A SQL injection vulnerability exists in the iReader Digital Resources Remote Access Management System...

SQL Injection and Cross-Site Scripting Vulnerabilities in Esmay's Non-Book Resource Management System

Esmay Non-Book Resource Management System can help librarians conveniently manage accompanying books, accompanying CD-ROMs and other non-paper resources, and help patrons directly search, browse online, operate online, partially download, and fully download the CD-ROMs they need. There are SQL...

HamayeshNegar CMS signup component SQL injection vulnerability

HamayeshNegar CMS is a content management system. signup component is one of the signup functionality components. A SQL injection vulnerability exists in the users/signup.php file of the signup component in HamayeshNegar CMS. The vulnerability can be exploited by a remote attacker to execute...

SQL Injection Vulnerability in Website Building System of SHENYI TECHNOLOGY GROUP LIMITED

SHENYI TECHNOLOGY GROUP LIMITED is a comprehensive service-oriented enterprise pioneering website construction and network application services, mobile APP development, big data mining, cloud computing, Internet of Things, smart home, intellectual property agency, investment and financing service...