Zoho Corporation Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability
Zoho ManageEngine Network Configuration Manager is a network change and configuration management tool for managing the configuration of switches, routers and firewalls. A SQL injection vulnerability exists in the configuration search in Zoho ManageEngine Network Configuration Manager. No details ...
PT-2021-23074 · Zoho · Zoho Manageengine Network Configuration Manager
Name of the Vulnerable Software and Affected Versions: ManageEngine Network Configuration Manager versions prior to 125465 Description: The issue concerns a SQL Injection vulnerability in the configuration search of ManageEngine Network Configuration Manager. Recommendations: For ManageEngine...
The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite’s time and attendance system allows a perpetrator to execute arbitrary code.
The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite payroll and accounting system is related to improper neutralization of special elements in SQL queries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Ivanti Avalanche Security Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche that allows a remote attacker to exploit the vulnerability to...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A SQL injection vulnerability exists in the WordPress...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Chameleon CSS plugin in version 1.2 and earlier, which...
ServiceTonic Helpdesk Software SQL Injection Vulnerability
ServiceTonic, an ITIL-compliant service desk and enterprise services software, has a SQL injection vulnerability in the login form in versions prior to ServiceTonic 9.0.35937. An attacker could exploit the vulnerability to steal information via a specially crafted, HQL-compatible, time-series SQL...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Schreikasten WordPress plugin in version 0.14.18 and...
CVE-2021-42667
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the SQL query performed. As a result he can extract sensitive data from the web server and in som...
PHP Event Calendar SQL Injection Vulnerability
PHP Event Calendar is an open source AJAX-based multi-user modern event calendar. It is easy to integrate and fully customizable. PHP Event Calendar Lite Edition is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to obtain sensitive database data...
Phpjabbers Fundraising Script SQL Injection Vulnerability
Phpjabbers Fundraising Script is a simple open source PHP donation script from the Serbian company Phpjabbers. Phpjabbers Fundraising Script version 1.0 has a SQL injection vulnerability; attackers can attack through the pjActionLoad function...
Simple Cashiering System SQL Injection Vulnerability
Simple Cashiering System is a simple open source cashiering system by individual developer Carlo Montero. It is used to help businesses manage their daily transactions. Simple Cashiering System suffers from an SQL injection vulnerability that stems from a lack of filtering and escaping of...
Ericsson Network Location Mps Gmpc21 Command Injection Vulnerability
Ericsson Network Location Mps Gmpc21 is a network mobile positioning system from Ericsson, Sweden. Ericsson Network Location MPS GMPC21 suffers from a command injection vulnerability that arises from the lack of filtering and escaping of SQL statements in the file name query in the export functio...
Simple Subscription Website SQL Injection Vulnerability
Simple Subscription Website is a web-based application. SourceCodester Simple Subscription Website 1.0 is vulnerable to SQL injection, which can be exploited by attackers to perform SQL injection via login...
Sourcecodester Customer Relationship Management System SQL Injection Vulnerability
Sourcecodester Customer Relationship Management System is an open source PHP project. Sourcecodester Customer Relationship Management System CRM is vulnerable to SQL injection in v1.0, which can be exploited by attackers via the username field in "customer/login.php" to...
Fortinet FortiWLC SQL Injection Vulnerability
Fortinet FortiWLC is a wireless LAN controller from Fortinet. A security vulnerability in Fortinet FortiWLC version 8.6.1 and below can be exploited by an attacker to disclose device, user, and database information via a crafted HTTP request...
CVE-2021-41676
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...
Yonyou TurboCrm SQL Injection Vulnerability
Yonyou TurboCrm is a customer relationship management system from China's UFIDA Network Technology Yonyou. Yonyou TurboCRM suffers from a SQL injection vulnerability that allows an attacker to obtain sensitive database information via the orgcode parameter in changepswd.php...
The vulnerability of the idxGetTableInfo function in the command-line component of the embedded SQLite database, which involves reading data beyond the allowed buffer size, allows an attacker to cause a service failure.
The vulnerability of the idxGetTableInfo function in the command-line component of the embedded SQLite database relates to reading data beyond the allowable buffer size. Exploiting this vulnerability could allow a malicious actor to cause service failures by executing a specially crafted SQL quer...
CVE-2020-24932
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php...