8141 matches found

Positive Technologies
added 2021/10/27 12:0 a.m. · 3 views

PT-2021-21877 · Unknown · Online Shopping Portal

Name of the Vulnerable Software and Affected Versions: Online Shopping Portal version 3.1

Description: A security issue exists in the Online Shopping Portal, specifically an SQL Injection flaw. This issue is present in the email parameter on the "/check availability.php" endpoint, which checks if...

CVSS 7.5 · AI score 7.8 · EPSS 0.00251
Exploits 1 · References 3

BDU FSTEC
added 2021/10/27 12:0 a.m. · 1 view

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the username parameter...

CVSS 10 · AI score 8.2 · EPSS 0.05279
Exploits 1 · References 5 · Affected Software 1

OSV
added 2021/10/26 1:15 p.m. · 2 views

CVE-2021-37371

Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 3

NCSC
added 2021/10/22 12:0 a.m. · 2 views

Vulnerabilities fixed in Atlassian Jira

Atlassian has fixed two vulnerabilities in Jira Server. An unauthenticated remote malicious person could exploit them to perform a Cross-Site Request Forgery (XSRF) attack or to gain direct unauthorized access to the JQL query component. Both attack methods lead to obtaining sensitive data...

CVSS 6.5 · AI score 7.3 · EPSS 0.00292
Exploits 0

CNNVD
added 2021/10/21 12:0 a.m. · 4 views

Atlassian Jira security vulnerability

Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...

CVSS 5.3 · AI score 5.6 · EPSS 0.00292
Exploits 0 · References 2

BDU FSTEC
added 2021/10/21 12:0 a.m. · 2 views

The vulnerability of the Media Streaming add-on, a multimedia file streaming application, and the Multimedia Console console lies in the lack of protection for the SQL query structure. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the Media Streaming add-on, a multimedia file streaming application, and the Multimedia Console console is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remote...

CVSS 10 · AI score 8.4 · EPSS 0.00458
Exploits 0 · References 2 · Affected Software 2

CNNVD
added 2021/10/15 12:0 a.m. · 3 views

Aruba ClearPass Policy Manager SQL injection vulnerability

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A SQL injection vulnerability exists in Aruba ClearPass Policy Manager, which stems from a remote SQL injection vulnerability in Aruba ClearPass Policy Manager. ...

CVSS 8.8 · AI score 5.9 · EPSS 0.00608
Exploits 0 · References 2

CNNVD
added 2021/10/15 12:0 a.m. · 2 views

Easytest SQL injection vulnerability

Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the learning history page after gaining user privileges to access all databases and ga...

CVSS 8.8 · AI score 5.8 · EPSS 0.00238
Exploits 0 · References 2

CNNVD
added 2021/10/15 12:0 a.m. · 2 views

Enalean Tuleap Open Alm SQL injection vulnerability

Enalean Tuleap Open Alm is a free and open source tool from Enalean France that provides end-to-end traceability for application and system development. A SQL injection vulnerability exists in Community Edition version 11.16.99.173 and Enterprise Edition versions prior to 11.16-6 and 11.15-8 of Enalean Tuleap...

CVSS 8.8 · AI score 8.5 · EPSS 0.00855
Exploits 0 · References 6

CNNVD
added 2021/10/14 12:0 a.m. · 2 views

ZZCMS SQL injection vulnerability

ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 is vulnerable to a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the id parameter on the application's /dl/dlprint.php page. An attacker could u...

CVSS 7.5 · AI score 6.1 · EPSS 0.00403
Exploits 1 · References 1

OSV
added 2021/10/13 6:15 p.m. · 2 views

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

CVSS 7.3 · AI score 6.1 · EPSS 0.00031
Exploits 0 · References 2

Ivan 'd0znpp' Novikov
added 2021/10/13 2:47 p.m. · 134 views

What is Graphql ❓ Definition with Example

Anyone who is involved in app development will be familiar with GraphQL, a highly useful query language making tons of things right for app developers and security managers. When handled perfectly and diligently, GraphQL holds the power to empower the traditional process of data retrievals,...

AI score 7.1
Exploits 0

CNNVD
added 2021/10/13 12:0 a.m. · 2 views

ZOHO ManageEngine OpManager SQL injection vulnerability

ZOHO ManageEngine OpManager is an end-to-end integrated network management software that enables comprehensive, visual, unified and centralized monitoring and management of IT infrastructure, including network devices, servers, hosts, WAN links, applications and services, within an enterprise...

CVSS 9.8 · AI score 6 · EPSS 0.26431
Exploits 0 · References 1

RedHat Linux
added 2021/10/12 2:17 p.m. · 1 view

mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 · AI score 7.2 · EPSS 0.00311
Exploits 0 · References 4

CNNVD
added 2021/10/12 12:0 a.m. · 3 views

Open Solutions For Education openSIS SQL injection vulnerability

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the ADDRCONTUSRN, ADDRCONTPSWD, SECNCONTUSRN, SECNCONTPSWD parameters in HoldAddressFields.php in openSIS version 8.0. An attacker can exploit this vulnerability to obtain...

CVSS 9.8 · AI score 8.6 · EPSS 0.00619
Exploits 1 · References 2

CNNVD
added 2021/10/12 12:0 a.m. · 4 views

Froxlor SQL injection vulnerability

Froxlor is a lightweight server management software from the Froxlor team. A security vulnerability exists in Froxlor that allows SQL injection via custom database names in the database manager DbManagerMySQL.php. No details of the vulnerability are currently provided...

CVSS 9.8 · AI score 5.8 · EPSS 0.05516
Exploits 4 · References 4

CNNVD
added 2021/10/11 12:0 a.m. · 1 view

rConfig SQL injection vulnerability

rConfig is an open source network device configuration management utility. A SQL injection vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to upload a webshell to the server and access it remotely...

CVSS 8.8 · AI score 8.1 · EPSS 0.01643
Exploits 1 · References 5

CNNVD
added 2021/10/08 12:0 a.m. · 3 views

Subrion CMS SQL injection vulnerability

Subrion is a powerful and easy-to-use PHP content management system with powerful features such as full-source editing, per-page permissions, user activity monitoring, etc. A SQL injection vulnerability exists in visual-mode in Subrion version 4.2.1. An attacker can use this vulnerability to obta...

CVSS 7.2 · AI score 7.4 · EPSS 0.00255
Exploits 1 · References 4

CNNVD
added 2021/10/06 12:0 a.m. · 3 views

Samsung SMR SQL injection vulnerability

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A SQL injection vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1. The vulnerability stems from a SQL injection vulnerability in the CMFA framework that allo...

CVSS 5.9 · AI score 5.4 · EPSS 0.00035
Exploits 0 · References 2

CNNVD
added 2021/10/05 12:0 a.m. · 4 views

Emerson WirelessHART Gateway SQL injection vulnerability

The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. Emerson WirelessHART Gateway suffers from a SQL injection vulnerability that originates from an input validation error when processing a directory traversal sequence. An attacker could use this vulnerability to send a...

CVSS 7.2 · AI score 7.5 · EPSS 0.00567
Exploits 2 · References 5