8141 matches found
LimeSurvey SQL Injection Vulnerability
LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program from the LimeSurvey team that supports survey program development, survey distribution, and data collection. A SQL injection vulnerability exists in LimeSurvey that stems from a lack of validation of...
CVE-2021-22654
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information...
The vulnerability of the REST API implementation of the network management system’s data center management module allows an attacker to execute arbitrary SQL commands.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
PHPSHE SQL Injection Vulnerability
PHPSHE is an online shopping mall system from China Lingbao Jane Hao Network Technology PHPSHE Company. The system supports express tracking, online chat, order evaluation, statistics, and other functions. A SQL injection vulnerability exists in PHPSHE, which stems from the lack of validati...
Advantech iView SQL Injection Vulnerability
Advantech iView is a device management application for the energy, water and wastewater industries. A SQL injection vulnerability exists in Advantech iView versions prior to 5.7.03.6112. An attacker can exploit this vulnerability to elevate privileges to "Administrator"...
Oliver Lando College-Management-System-Php SQL Injection Vulnerability
Oliver Lando College-Management-System-Php is a college management system organized by Oliver Lando Personal Organization in Kenya. This College Management System is an Internet-based Web portal designed to provide information for all management systems of the college. College Management System P...
The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the Web interface for managing the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P is related to input validation errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries remotely...
RockOA SQL Injection Vulnerability
RockOA Xinhuo is an open source office OA system. RockOA v1.8.7 has a SQL injection vulnerability: user input in the parameters of wordModel.php is not effectively filtered, so a remote attacker can, through the injection of SQL statements, execute the acquisition...
Cisco SD-WAN vManage Cypher Query Language Injection (cisco-sa-vmanage-cql-inject-72EhnUc)
According to its self-reported version, Cisco SD-WAN vManage is affected by an information disclosure vulnerability due to insufficient input validation by the web-based management interface. An authenticated, remote attacker can exploit this, via crafted HTTP requests, to obtain sensitive...
The vulnerability of the check_community.php file in the Mikrotik Router Monitoring System allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the checkcommunity.php file of the Mikrotik Router Monitoring System is related to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
Yccms SQL Injection Vulnerability
Yccms is a PHP-based lightweight CMS builder from the Yccms team. YCCMS 3.3 has a SQL injection vulnerability that can be exploited by attackers to execute SQL statements to obtain database information...
VMware Spring Cloud Data Flow SQL Injection Vulnerability
VMware Spring Cloud Data Flow is a code library for streaming and batch data processing in microservices from VMware, Inc. A SQL injection vulnerability exists in Spring Cloud Data Flow versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, which stems from the vulnerability of the...
CVE-2020-35270
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result...
The vulnerability of the VMware SD-WAN Orchestrator management platform, related to the failure to implement security measures for SQL query structures, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the VMware SD-WAN Orchestrator management platform is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
IBM Security Guardium SQL Injection Vulnerability (CNVD-2021-05465)
IBM Security Guardium is a comprehensive data protection solution that offers a full range of data security features from compliance support to dynamic data shielding. An SQL injection vulnerability exists in IBM Security Guardium 10.6, 11.2. An attacker can exploit this vulnerability by sending...
Cisco SD-WAN vManage SQL Injection Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A SQL injection vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 19.2.3. The vulnerability stems from the Web management interface not properl...
CVE-2021-1247
Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1248
Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1225
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates value...