2783 matches found
SQL Injection Vulnerability in Website Building System of Guangzhou Shuntian Computer Technology Co.
Shun Tian Technology is a domestic senior network technology service provider, with international leading website development technology, e-commerce technology, website full range of promotional technology and attentive after-sales customer service team. Guangzhou Shuntian Computer Technology Co....
poc
This repository appears to be a collection of proof-of-concept PoC exploits for various vulnerabilities, primarily targeting web applications. The PoCs are written in Python and utilize the Beebeeto framework. The PoCs cover a range of vulnerabilities, including SQL injection, cross-site scriptin...
Schneider Electric U.motion Builder editobject remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder editobject. The underlying SQLite database query requires SQL injection on the type input parameter. A remote attacker could exploit the...
SQL Injection Vulnerability in State Micro CMS Attachment Lists
State Micro CMS is one of the mainstream CMS systems in China, is also the largest open source platform provider in the field of PHP in southern China. State Micro CMS attachment list SQL injection vulnerability exists. The vulnerability stems from the attachment list parameter filtering is not...
CVE-2017-6668
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager CUCDM could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...
Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08707)
Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A SQL injection vulnerability exists in Fastspot BigTree CMS 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Xavier SQL Injection Vulnerability
Xavier - PHP is a login script and user management administration panel. Xavier suffers from a SQL injection vulnerability. Allows attackers to exploit the vulnerability to obtain sensitive information...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2017-11315)
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the user/index.php fil...
TPshop 2.0 Backend SQL Injection Vulnerability in Multiple Different Page Parameters
TPshop open source mall system Thinkphp shop for short , is a set of Shenzhen Soleil Networks Ltd. developed a set of multi- merchant model of the mall system . TPshop 2.0 background parameters of a number of different pages mobile, id and orderby the existence of SQL injection leaks , allowing...
Flash cms /wap has multiple SQL Injection Vulnerabilities
Flash Flash cms is a flash website system developed by Zibo Flash Network Technology Co. Flash cms has a SQL injection vulnerability. The vulnerability stems from the program's failure to filter user-submitted data, which can be exploited by attackers to obtain sensitive database information...
Joomla VideoFlow SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in Joomla VideoFlow. An attacker can exploit this vulnerability to gain access to sensitive database information...
Joomla! 'com_fields' component SQL injection vulnerability
Joomla! is one of the most popular Content Management System CMS solutions in the world. A SQL injection vulnerability exists in the 'comfields' component of Joomla! An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in 'menu_id' Parameter of Pioneer Hi-Tech Government System
Pioneer Hi-Tech Government System is an "easy technology" system. A SQL injection vulnerability exists in the 'menuid' parameter of the Pilot Hi-Tech Government System. This vulnerability can be exploited by attackers to obtain sensitive information from the database...
EyesOfNetwork SQL Injection Vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides features such as a business process configuration tool, generating pop-up windows when events occur in the active queue, and more. Multiple SQL injection vulnerabilities exist in EyesOfNetwork aka EON 5.0 and...
FocalPoint Component SQL Injection Vulnerability in Joomla!
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the FocalPoint component of Joomla! An attacker can exploit the vulnerabili...
Omegle Clone SQL Injection Vulnerability
Omegle Clone is a communication software script. An SQL injection vulnerability exists in the Omegle Clone parameter, which could allow a remote, unauthenticated attacker to gain access to sensitive information via this vulnerability...
Secure Download Links 'dc' Parameter SQL Injection Vulnerability
Secure Download Links is an application that provides secure downloads. A SQL injection vulnerability exists in the 'dc' parameter of Secure Download Links, which allows remote, unauthenticated attackers to obtain sensitive information...
Joomla Vik Rent Car component 'caropt' parameter SQL injection vulnerability
Joomla is a software system developed using the PHP language coupled with a MySQL database, and can be implemented on various platforms such as Linux, Windows, MacOSX, and so on. A SQL injection vulnerability exists in the 'caropt' parameter of the Joomla Vik Rent Car component. An attacker can...
SQL Injection Vulnerability in KenCMS V1.1 Enterprise Member Experience System end_time Parameter
KenCMS is a content management system. A SQL injection vulnerability exists in the KenCMS V1.1 Enterprise Member Experience system. The lack of filtering of the 'endtime' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...
WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02636)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Mail Masta aka mail-masta is one of the email plug-ins. WordPress Mail Masta plugin version 1.0 in...