SQL Injection Vulnerability in Creative Yingfeng School Office OA System

Think Yingfeng School Office OA System is a comprehensive school management platform. A SQL injection vulnerability exists in versions 3.99 and earlier of the Creative Yingfeng School Office OA System. It allows attackers to exploit the vulnerability to obtain sensitive database information...

Accentis 'SIDX' Parameter SQL Injection Vulnerability

Accentis is a suite of management software for ERP, CRM, payroll, production and inventory management. Accentis fails to properly filter the 'SIDX' parameter, allowing remote attackers to exploit the vulnerability to submit specially crafted SQL query operations or obtain database data...

SQL Injection Vulnerability in a System of Anhui Business Network

Anhui Business Network Information Industry Co., Ltd. is a professional high-tech Internet technology service provider. A system SQL injection vulnerability in Anhui Business Network allows attackers to exploit this vulnerability to obtain data volume sensitive information...

Pref Shimane CMS vulnerable to SQL injection

Overview Pref Shimane CMS is an open-source Contents Management System CMS. Pref Shimane CMS contains an SQL injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A logged in...

SQL Injection Vulnerability in LanMuId Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the LanMuId parameter of the...

SQL Injection Vulnerability in id Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the id parameter of the administrative...

SQL injection vulnerability in prtp parameter of travel e-commerce platform belonging to Shenzhen Dingyou

The tourism e-commerce platform is also a platform for a business system that uses electronic means to operate the tourism industry and its distribution system, based on a network as the main body, a tourism information base and an electronic business bank. There is a SQL injection vulnerability ...

Arbitrary File Upload Vulnerability in Panavision OA System

Panavision OA Office System is a coordination office software. A SQL injection vulnerability exists in Panmicro OA Office System, which can be exploited by an attacker to obtain sensitive information from a website database...

Generic SQL Injection Vulnerability in CNGENETCMS v4.2.0

CNGENETCMS is a content management system CMS, there is an authentication bypass vulnerability CNGENETCMS v4.2.0 sp1. This vulnerability can be exploited to directly log in to the background of the site without authentication to manage the site. At present, many sites are still using this CMS...

Arab Portal SQL Injection Vulnerability

Arab Portal is a set of web portals. A SQL injection vulnerability exists in Arab Portal version 3, which stems from a failure of the members.php script to adequately filter the 'showemail' parameter in the signup operation. A remote attacker could use this vulnerability to execute arbitrary SQL...

WordPress WP Symposium Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.WP Symposium is one of the social networking plug-ins. A SQL injection vulnerability exists in WordPress WP Symposium plugin...

Generalized SQL Injection Vulnerability in lm Parameters of Seven Colors Web Site Building System

Seven Colors Web Building System is a system that provides professional website building services. A generic SQL injection vulnerability exists in the lm parameter of the Seven Colors Network website builder system. Allow attackers to utilize commonly used SQL injection tools to obtain sensitive...

SQL Injection and Arbitrary File Upload Vulnerabilities in Rural Electronic Monitoring Platform of Beijing Zhongnong Xinda Information Technology Co.

Beijing Zhongnong Xinda Information Technology Co., Ltd. is a provider of comprehensive services for three rural informatization, and the Rural Electronic Monitoring Platform is one of the company's monitoring platforms. A SQL injection and arbitrary file upload vulnerability exists in the Rural...

WordPress SP Project & Document Manager plugin 'ajax.php' SQL injection vulnerability

WordPress is a blogging platform developed using the PHP language. The 'SP Project & Document Manager' plugin for WordPress suffers from a sql injection vulnerability in the implementation of 'ajax.php', which can be exploited by an attacker to take control of the application and perform...

SQL Injection Vulnerability in Panmicro E-office /E-mobile/create/ajax_do.php Parameters

Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/create/ajaxdo.php parameter, which can be exploited by an attacker to obtain sensitive information from the database...

Milw0rm Clone Script SQL Injection Vulnerability

Milw0rm is a hacking and defense interest group that provides security services such as vulnerability mining, security information, hacking and defense, security tools and other security services for IT technicians.Milw0rm Clone Script is a script for sharing and managing the Milw0rm website's...

Symantec Endpoint Protection Management Console SQL Injection Vulnerability

Symantec Endpoint Protection is a protection software developed to enhance enterprise virus protection and advanced threat defense. Symantec Endpoint Protection management console fails to properly validate user input and administrators with low privileges can perform SQL injection attacks with...

SQL injection vulnerability in txtContent parameter in InteractiveCommunication/InterActiveIndex.aspx of Wave Government Service Platform

Wave software government system is an industry informatization application system built on the basis of cloud computing and big data. There is a SQL injection vulnerability in the txtContent parameter of the InteractiveCommunication/InterActiveIndex.aspx of the Wave government service platform,...

Forma Lms SQL Injection Vulnerability

Forma Lms is an open source web-based learning management system LMS. A SQL injection vulnerability exists in Forma Lms, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

Emerson AMS Device Manager Local SQL Injection Vulnerability

Emerson Electric AMS Device Manager is a fixed asset management software. The software provides predictive diagnostics, device configuration management, and more. An SQL injection vulnerability exists in AMS Device Manager 12.5 and earlier versions, which can be exploited by an attacker to gain...