SQL Injection Vulnerability in CoolSource Content Management System

CoolSource CMS Content Site Management System is a website management system based on Microsoft's latest ASP.NET platform. A SQL injection vulnerability exists in the CoolSource CMS due to the system failing to effectively filter user input. An attacker can exploit this vulnerability to obtain...

OpenText Document Sciences xPression SQL Injection Vulnerability (CNVD-2017-33295)

OpenText Document Sciences xPression formerly known as EMC Document Sciences xPression is a document output management and customer communication solution from OpenText Canada. The solution integrates an organization's Customer Relationship Management CRM, Enterprise Content Management ECM, and...

SQL Injection Vulnerability in 74cms MembersController.class.php Page

Knight Talent System 74cms is a free website management system based on PHP+MYSQL. A SQL injection vulnerability exists in the 74cms MembersController.class.php page, which can be exploited by attackers to obtain sensitive database information...

SQL Injection Vulnerability in Wireless Suzhou App

Wireless Suzhou APP is a cell phone software that brings convenient services to Suzhou users. It is a news and life city application client focused on by Suzhou Radio and Television Station. A SQL injection vulnerability exists in Wireless Suzhou APP, which can be exploited by attackers to obtain...

WordPress add-edit-delete-listing-for-member-module SQL Injection Vulnerability

WordPress add-edit-delete-listing-for-member-module is a WordPress-specific plugin for adding, editing and deleting operations on member listings. A SQL injection vulnerability exists in WordPress add-edit-delete-listing-for-member-module version 1.0, which stems from the program failing to filte...

SQL Injection Vulnerability in ShopsN v2.0 Frontend OrderGroupController.class.php File

ShopsN is a free e-commerce open source system. ShopsN v2.0 official version of the front-end OrderGroupController.class.php file SQL injection vulnerability. The vulnerability is due to the system failing to effectively filter user-submitted data. An attacker can exploit this vulnerability to...

SQL Injection Vulnerability in several pages of Arsenal CMS v2.1

JX CMS Jxcms is a website construction and management system independently developed by Taizhou JX Information Technology Co. A SQL injection vulnerability exists in the 'AdAction.class.php', 'AreaAction.class.php' and 'AccessAction.class.php' pages. An attacker can exploit this vulnerability to...

SQL Injection Vulnerability in Newsshow.asp Page of Yiming Website Builder System

Yiming web builder is a website builder system. A SQL injection vulnerability exists in the newsshow.asp page of the Yiming Website Builder System. The vulnerability is caused due to the system failing to effectively filter user-submitted data. An attacker can exploit this vulnerability to obtain...

SQL Injection Vulnerability in Internet Security Management System of Qingdao Hengxin Technology Development Co.

Qingdao Hengxin Technology Development Co., Ltd. is positioned as a high-tech enterprise specializing in the research and development of computer network and information security technology products. Qingdao Hengxin Technology Development Co., Ltd. Internet security management system SQL injectio...

SQL Injection Vulnerability in SDMCS V1.1 Frontend

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDMCS V1.1 SQL injection vulnerability exists in the front-end, due to the system does not effectively filter the data submitted by the user, the attacker can exploit the vulnerability to obtain sensitiv...

SLiMS SQL Injection Vulnerability

SLiMS 8 Akasia is an open source, free library management system. An SQL injection vulnerability exists in the admin/AJAXlookuphandler.php file, the admin/AJAXcheckid.php file, and the admin/AJAXvocabolarycontrol.php file in SLiMS 8 Akasia 8.3.1 and earlier versions. A remote attacker can exploit...

Multiple vulnerabilities in phpcms V9 front and backend

PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9.6.3 backend has a reflective XSS and SQL injection vulnerability that can bypass the CSRF defense and upload any script file under certain conditions...

VehicleWorkshop SQL Injection Vulnerability

VehicleWorkshop is an online vehicle management system based on PHP and MySQL. VehicleWorkshop suffers from a SQL injection vulnerability. An attacker could use the vulnerability to access or modify data, or exploit a potential vulnerability in the underlying database...

Hashtopus SQL Injection Vulnerability

Hashtopus is a cross-platform client-server tool for distributing hash table tasks between multiple computers. A SQL injection vulnerability exists in Hashtopus version 1.5g. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'format' parameter...

Aruba Networks ClearPass Policy Manager SQL Injection Vulnerability

Aruba Networks ClearPass Policy Manager is a BYOD network access control policy enforcement platform. An SQL injection vulnerability in Aruba Networks ClearPass Policy Manager allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the...

IBM Maximo Asset Management SQL Injection Vulnerability (CNVD-2017-21753)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. An SQL injectio...

SQL Injection Vulnerability in addr_edite Method of ShopSn V2.0 Mall System

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of the open source online store full network system. A SQL injection vulnerability exists in the userid parameter in the addredite method o...

SQL Injection Vulnerability in Niushop Goods.php

NiuShop open source mall system is by Shanxi Niu Cool Information Technology Co., Ltd. completely independent design, research and development of a set of PHP open source e-commerce system . NIUSHOP open source mall system goods.php file id parameter SQL injection vulnerability , the program for...

SQL Injection Vulnerability in ShopSn V2.0 Mall System

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd , a full-featured business standards in line with the enterprise-class truly allow free commercial use of open source online store system . ShopSn V2.0 mall system has a SQL injection vulnerability...

SQL Injection Vulnerability in Xiangsoft Smart Campus Platform

Xiangsoft Smart Campus Platform is an informative and intelligent software system. SQL injection vulnerability exists in Xiangsoft Technology Smart Campus Platform. An attacker can use this vulnerability to obtain sensitive information of the database...