Joomla UserExtranet Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla UserExtranet component. An attacker can exploit the vulnerability to access or modify database data...
Joomla com_djcatalog2 component 'cid' parameter SQL injection vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'cid' parameter of the Joomla com_djcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...
UBUNTU-CVE-2016-4861
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...
Joomla JE Quiz Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla JE Quiz component, which can be exploited by attackers to access or modify database data...
Joomla Music Collection Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla Music Collection component. An attacker can exploit the vulnerability to access or modify database data...
SQL Injection Vulnerability in iTrackGPS Monitoring Management System
iTrackGPS Monitoring Management System is a GPS monitoring system. A SQL injection vulnerability exists in iTrackGPS Monitoring Management System. The lack of filtering of the 'SystemNo' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...
IBM Kenexa LMS on Cloud SQL Injection Vulnerability (CNVD-2017-00564)
IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system (LMS) from IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and lets users evaluate learning content and share their...
Luis Bernardo SQL Injection Vulnerability
Luis Bernard is a web application development framework. A SQL injection vulnerability exists in the idplayer parameter of the formseeplayer.php page of the Luis Bernard system. Because the program fails to adequately filter user-submitted input, an attacker could use this vulnerability to take...
SQL Injection Vulnerability in Seth Interactive Technologies CRM System
SalesPlus is a Salesforce partner and CRM service provider. A SQL injection vulnerability exists in the CRM system of SalesPlus Interactive Technologies. The vulnerability is caused by uid, type, topicid, tid, senduserid, sendobjectid, sendgroupid, search, replytype, pid, key, id, groupname,...
MyBB has multiple vulnerabilities (CNVD-2016-11625)
MyBB (aka MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.7, including: SQL injecti...
SAP Hybris E-commerce Suite SQL Injection Vulnerability
SAP Hybris Management Console (HMC) is a suite of enterprise-class multichannel e-commerce and product content management (PCM) software from SAP. An injection vulnerability exists in SAP Hybris E-commerce Suite that stems from the program failing to adequately filter user-submitted input. An attacke...
SQL Injection Vulnerability in NetDoit of Acuity Brands Creative Marketing Ltd.
NetDoit is a small CMS developed with PHP and MySQL. A SQL injection vulnerability exists in the product's newsdetail.php?id= page; the injection parameter is id, and an attacker can use the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in Type Parameters of Penta Digital Campus System
Penta Digital Campus System is built on the .NET and SQL Server technology platform. A SQL injection vulnerability exists in the /Student/xsxk/MessageView.aspx page of the Penda Digital Campus System. The lack of filtering of the 'type' parameter allows an attacker to exploit the vulnerability to obta...
SQL Injection Vulnerability in ShowAjaxOptions Function of Tibco Call Center System
The core of the Tibco call center system is a communication-based enterprise internal and external communication system. A SQL injection vulnerability exists in the showAjaxOptions function of the Tibco Call Center System. Vulnerability file: /userweb/php/index/Outbound.class.php, exploit: UNION...
SQL Injection Vulnerability in ShowgetAdminUser Function of Tibco Call Center System
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A SQL injection vulnerability exists in the showgetAdminUser function of the Tibco Call Center System. The vulnerability file: /userweb/php/sms/sms.class.php allows attackers ...
SQL Injection Vulnerability in Netqi CMS Web Management System 6.0
Netqi CMS website management system is a CMS developed by Netqi on the ASP.NET kernel. The system's ip/ajax.apsx page has a SQL injection vulnerability that allows arbitrary users to obtain database information...
PT-2016-4508 · Huge It · Huge-It Portfolio Gallery Manager
Name of the Vulnerable Software and Affected Versions: Huge-IT Portfolio Gallery manager version 1.1.0. Description: The issue concerns SQL Injection and XSS in the Huge-IT Portfolio Gallery manager. No further details are provided about the nature of the issue, affected devices, or real-world...
SQL Injection Vulnerability in bjbh Parameter of EAP Digital Campus Integration Management Platform of Guangzhou Zhongda Dongri Education Technology Co.
The EAP platform (Enterprise Application Platform), also known as an enterprise management software platform, is a highly open platform that integrates a number of enterprise management software modules. Guangzhou CUHK Dongri Education Technology Co., Ltd. EAP...
SQL Injection Vulnerability in Bidding Member System of Jiangsu Guotai New Point Software Co.
An electronic bidding system is a means of trading on a public resources trading platform. There is a SQL injection vulnerability in the bidding membership system of Jiangsu Guotai New Point Software Co., Ltd. that can be exploited by attackers to obtain sensitive information from the database...
TYPO3 GN Tactics Planner Extension SQL Injection Vulnerability
TYPO3 is a free and open source content management system. A SQL injection vulnerability exists in TYPO3 GN Tactics Planner Extension due to the program failing to adequately clean up user input. An attacker could exploit the vulnerability to access or modify data...