8141 matches found
CVE-2020-26677
Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...
COVID19 Testing Management System SQL injection vulnerability
COVID19 Testing Management System is a COVID19 Testing Management System. A SQL injection vulnerability exists in COVID19 Testing Management System version 1.0, which is exploited via the admin panel...
IBM Security Guardium SQL injection vulnerability
IBM Security Guardium is a product of IBM in the U.S. IBM Security Guardium is a suite of platforms that provide data protection capabilities. github rd is a software application. github ic etc. are open source products. github ic is a software application. IBM Security Guardium suffers...
The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to execute arbitrary SQL queries.
The vulnerability in the web interface for managing the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) is related to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...
Progress Software MOVEit Transfer SQL injection vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability exists in Progress MOVEit Transfer versions prior to 2021.0, which could be exploited by an authenticated attacker to gain unauthorized access to the MOVEit Transfer...
CentOS Web Panel SQL injection vulnerability
CentOS Web Panel (CWP) is a free web hosting control panel from the Control Web Panel community. A SQL injection vulnerability exists in CentOS Web Panel that allows unprivileged users to attack via idsession, an HTTP POST parameter...
Moodle SQL injection vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from a SQL injection vulnerability that allows a remote administrator to send specially designed requests to the affect...
KonaWiki SQL injection vulnerability
KonaWiki is a lightweight Wiki system. The system is primarily used for writing manuscripts, keeping minutes and memos, etc. A SQL injection vulnerability exists in KonaWiki2 prior to version 2.2.4. The vulnerability stems from the program not performing sufficient cleansing of user-supplied data...
Liferay Enterprise Portal SQL injection vulnerability
Liferay Enterprise Portal is an application system from Liferay USA. It provides a showcase for e-commerce functionality. A SQL injection vulnerability exists in Liferay Enterprise Portal version 7.3.5. The vulnerability stems from the program not adequately cleaning up user-supplied data in the...
VAST - Visibility Across Space And Time
The network telemetry engine for data-driven security investigations. Key Features: High-Throughput Ingestion: import numerou...
Hexagon Intergraph G!NIUS SQL injection vulnerability
Hexagon Intergraph G!NIUS is an industrial control device (a sensor) from the Swedish company Hexagon. A SQL injection vulnerability exists in Hexagon Intergraph G!NIUS prior to version 5.0.0.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-base...
CVE-2020-27229
A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. The findPersonID parameter in the ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2021-1363
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...
Cisco Unified Communications Manager SQL injection vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable, and highly available enterprise IP telephony call processing solution. A SQL injection vulnerability...
PHPGurukul Online Book Store SQL injection vulnerability
PHPGurukul Online Book Store is a PHP-based online bookstore website system. A SQL injection vulnerability exists in Online Book Store v1.0, which arises from the lack of validation of externally entered SQL statements in database-based applications, and can be exploited by remote attackers to...
Meshery SQL injection vulnerability
Meshery is a multi-service-mesh management plane that provides lifecycle, configuration and performance management of service meshes and their workloads. Layer5 Meshery 0.5.2 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrar...
PHPSHE Mall System SQL injection vulnerability
PHPSHE is an online shopping mall system from China's Lingbao Jane Hao Network Technology PHPSHE Company. The system supports express tracking, online chat, order evaluation, statistics and other functions. A security vulnerability exists in PHPSHE Mall System v1.7 that allows remote attacke...
Cisco SD-WAN vManage Cypher Query Language Injection (cisco-sa-vmanage-cql-inject-c7z9QqyB)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
Qnap Systems QNAP NAS running Multimedia Console SQL injection vulnerability
Qnap Systems QNAP NAS running Multimedia Console is a multimedia console application from China Weilian Qnap Systems. A security vulnerability exists in QNAP NAS running Multimedia Console, which can be exploited by an attacker to obtain application information...