GitLab Access Control Error Vulnerability (CNVD-2020-52426)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8, and 13.3....
mysql: Server: Locking unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
IBM InfoSphere Guardium SQL Injection Vulnerability
InfoSphere Guardium is an enterprise information database auditing and protection solution. A SQL injection vulnerability exists in several InfoSphere Guardium scripts that can be exploited by remote attackers to submit a specially crafted SQL request to manipulate a database, which could result ...
My-CTF-Web-Challenges
It is an offensive tool for web exploitation. The repository contains a collection of web challenges created by the user 'orange'. The challenges are designed to test various web exploitation techniques, including SQL injection, cross-site scripting (XSS), and authentication bypass. The challenges...
There are SQL injection vulnerabilities in the backend of Zendo open source version of Qingdao Yiqi Tianchuang Management Consulting Co.
Zendo Open Source Edition is a research and development project management software. There is a SQL injection vulnerability in the backend of Zendo Open Source Edition of Qingdao Yiqi Tianchuang Management Consulting Co. An attacker can exploit this vulnerability to obtain sensitive information...
Microsoft Dynamics 365 Remote Code Execution Vulnerability (CNVD-2020-52901)
Microsoft Dynamics 365 is Microsoft's next-generation intelligent business application that helps enterprises grow and digitally transform through the perfect integration of CRM and ERP. A remote code execution vulnerability exists in Microsoft Dynamics 365 9.0. The vulnerability stems from the...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
ZZCMS suffers from SQL injection vulnerability (CNVD-2020-57393)
ZZCMS is a free website builder developed in ASP. ZZCMS suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to read database information...
Jinan Yuxia Information Technology Co., Ltd. website building system SQL injection vulnerability
Jinan Yuxia Information Technology Co., Ltd. focuses on Internet products and related services, combining website construction and network promotion, IDC business, software development, server hosting, telecommunications value-added services and other integrated service...
openSIS SQL Injection Vulnerability (CNVD-2020-51259)
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the GetSchool.php function in openSIS 7.3. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to conduct a SQL injection attack...
F5 BIG-IP AFM Configuration Tool SQL Injection Vulnerability
The F5 BIG-IP AFM is an advanced firewall device. The F5 BIG-IP AFM configuration tool suffers from a SQL injection vulnerability that can be exploited by remote attackers to submit a special SQL request to manipulate a database, which can be used to obtain sensitive information or execute...
YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-56377)
YouDianCMS combines desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open source five-in-one site solution. YouDianCMS has a SQL injection vulnerability that attackers can use to obtain databas...
YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-56375)
YouDianCMS combines desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open source five-in-one site solution. YouDianCMS has a SQL injection vulnerability that attackers can use to obtain databas...
YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-56376)
YouDianCMS combines desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open source five-in-one site solution. YouDianCMS has a SQL injection vulnerability that attackers can use to obtain databas...
The vulnerability of the designer/move.js file of the phpMyAdmin web application for database management system administration allows a perpetrator to execute arbitrary code.
The vulnerability of the designer/move.js file of the phpMyAdmin web application for database management systems relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
SQL Injection Vulnerability in Website Building System of Xiamen E-Shang Network Technology Co.
Xiamen Yi Shang Network Technology Co., Ltd. is an IT company dedicated to enterprise e-commerce consulting and solutions and enterprise informationization services. A SQL injection vulnerability exists in the website building system of Xiamen Ease of Business Network Technology Co., Ltd.; an attacker ca...
SQL Injection Vulnerability in Standard Pepsi Vi***.ashx Page of RunShen Information Technology (Shanghai) Co.
R&S Information Technology Shanghai Co., Ltd. is a high-tech company specializing in software development and information services. A SQL injection vulnerability exists in the Standard Pepsi Vi.ashx page, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-17373
SugarCRM before 10.1.0 Q3 2020 allows SQL Injection...
Xiamen SiXin Communication Technology Co., Ltd. warning platform with SQL injection vulnerability
Xiamen Sihsin Communication Technology Co., Ltd. is a national high-tech enterprise, a Fujian Province Science and Technology Innovation Small Giant leading enterprise, an Internet of Things (IoT) platform enterprise, IoT technology expert, and IoT communication equipment and solution provider. Xiamen Sihon...