Vulnerability in the Server: X Plugin component of the MySQL Server database management system that allows attackers to cause service interruptions
The vulnerability of the MySQL Server component involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
SQL Injection Vulnerability in TEMMOKUMVC of Pizhou Tianmu Network Technology Co.
TEMMOKUMVC is a professional PHP + MySQL product developed by Pizhou Tianmu Network Technology Co., Ltd.: an open source MVC framework, built on the company's own MVC design, for large, medium-sized and small enterprises. Pizhou Tianmu Network Technology Co., Ltd TEMMOKUMVC SQL injection vulnerability,...
SQL Injection Vulnerability in Bo Yun CD-ROM System of Hangzhou Maida Electronics Co.
Hangzhou Maida Electronics Co., Ltd. provides professional library systems with search, storage, access and other functions; its customers include major domestic universities and provincial and municipal libraries. A SQL injection vulnerability exists in Bo Yun CD-ROM system of Hangzhou...
UFIDA NC suffers from SQL injection vulnerability (CNVD-2020-69451)
UFIDA NC is a large ERP enterprise management system and e-commerce platform. UFIDA NC suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain sensitive information from the database...
hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
VMware VMWare SD-WAN Orchestrator SQL Injection Vulnerability
VMware VMWare SD-WAN Orchestrator is a software for orchestrating network data flows in a software-defined network architecture. A SQL injection vulnerability exists in VMware VMWare SD-WAN Orchestrator, which can be exploited by a remote attacker to submit a special SQL request to manipulate a...
SQL Vulnerability in KKCMS
KKCMS is an open source video capture and playback system. The system is mainly used to automatically collect film and television resources and provide online playback capabilities. KKCMS has a SQL vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...
Hibernate ORM vulnerable to SQL injection
Overview: Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured with hibernate.use_sql_comments set to true (it is false by default) to add comments to generated SQL statements for debugging purposes. When hibernate.use_sql_comments is configured to true, malicious input may produc...
VMware VMWare SD-WAN Orchestrator SQL Injection Vulnerability
VMware VMWare SD-WAN Orchestrator is a software for orchestrating network data flows in a software-defined network architecture. A SQL injection vulnerability exists in VMware VMWare SD-WAN Orchestrator, which can be exploited by a remote attacker to submit a special SQL request to manipulate a...
VMWare SD-WAN Orchestrator SQL Injection Vulnerability
VMware VMWare SD-WAN Orchestrator is software from VMware that orchestrates network data flows in a software-defined network architecture. The software provides Web pages to visualize and manage users, gateways, and authentication. An SQL injection vulnerability exists in VMware SD-WAN...
Cisco IoT Field Network Director SQL Injection Vulnerability
Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. Cisco IoT Field Network Director suffers from a SQL injection vulnerability that results from insufficient input validation of...
Cxuucms SQL Injection Vulnerability
Cxuucms is a PHP-based content relationship building system. Cxuucms v3 suffers from a SQL injection vulnerability that allows all database data to be leaked through the keyword parameter of search.php. No vulnerability details are available at this time...
CVE-2020-28133
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in salesinventory/login.php...
Sourcecodester SourceCodester Water Billing System SQL Injection Vulnerability
SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...
Sourcecodester SourceCodester Grocery Store Sales And Inventory System SQL Injection Vulnerability
Sourcecodester SourceCodester Grocery Store Sales And Inventory System is a grocery store sales and inventory management system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Grocery Store Sales And Inventory System version 1.0, which can be exploited by an attack...
CVE-2020-5659
SQL injection vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
fastadmin SQL Injection Vulnerability
fastadmin is a web backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin-tp6 v1.0, which originates in the app management controller Ajax.php file, where the passed table parameters are not filtered. An attacker can exploit this...
SQL Injection Vulnerability in Shield Spirit Voting Voter System for Front-end User Modification Data
The Shield Spirit voting and follower-attraction system can be applied to WeChat official accounts: it collects the vote numbers that users send through the official account's message interface to register votes, includes an anti-vote-manipulation function, and can also efficiently attract active followers...
SQL Injection Vulnerability in waychar enrollment system VER 0.30
Waychar Registration System is a free race registration system. A SQL injection vulnerability exists in waychar registration system VER 0.30, which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend sh***.php Page
The Shield Spirit commodity promotion system can be applied to multiple types of WeChat official account: personal or business subscription accounts and service accounts can all be used. It connects easily to all kinds of official accounts and is configured through the relevant WeChat official account interfaces to come into effe...