CA PPM SQL Injection Vulnerability

CA PPM is a suite of project and portfolio management software from CA USA. The software includes features such as task management, project planning, financial reporting management and resource management. A SQL injection vulnerability exists in CA PPM that stems from the program's inadequate...

SQL Injection Vulnerability in PbootCMS

PbootCMS is a new core open source enterprise building system developed by Avantech. PbootCMS suffers from SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive information in the database...

IBM Maximo Asset Management SQL Injection Vulnerability (CNVD-2018-17089)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. An SQL injectio...

CVE-2018-15904

A10 ACOS Web Application Firewall WAF 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008...

CVE-2018-1699

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968...

WordPress Plugin Chained Quiz SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Chained Quiz, which can be exploited by attackers to execute...

LibreHealthIO LH-EHR SQL Injection Vulnerability

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. A SQL injection vulnerability exists in the Show Groups Popup SQL query function in the LibreHealthIO LH-EHR REL-2.0.0 release. A remote attacker can exploit the vulnerability to execute...

RSA Archer embedded WorkPoint component SQL injection vulnerability

RSA Archer is an enterprise IT governance and compliance governance product. An SQL injection vulnerability exists in the RSA Archer embedded WorkPoint component, which can be exploited by an attacker to execute SQL commands on a back-end database to read certain data...

Vulnerability hunting with Semmle QL, part 1

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...

SQL Injection Vulnerability in Website Building System of Shangyu Tiansheng Network Technology Service Co.

Shangyu Tiansheng Network Technology Service Co., Ltd. is engaged in website construction, website promotion, website SEO optimization, enterprise mailbox, domain name registration, web space, network marketing planning for a full range of solutions. Shangyu Tiansheng Network Technology Service...

ShopsN open source online store full web system suffers from SQL injection vulnerability (CNVD-2018-17331)

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd. a full-featured enterprise-class commercial standards in line with the real allow free commercial use of open source online store full network system. ShopsN v2.3.3 official version of the existen...

SQL Injection Vulnerability in Website Building System of Shanghai Bonning Network Technology Co.

Shanghai Bonning Network Technology Co., Ltd. is a company dedicated to the application and promotion of website building and e-commerce for enterprises and institutions. Shanghai Bonning Network Technology Co., Ltd. website building system has SQL injection vulnerability, attackers can use the...

SQL Injection Vulnerability in seacms

seacms is a video-on-demand content management system designed for different needs. A SQL injection vulnerability exists in seacms. An attacker can exploit the vulnerability to obtain sensitive database information...

SQL Injection Vulnerability in Azeus CMS 2.0 Backend

Central CMS 2.0 is a cms system made by Central Studio, this CMS is written in UTF-8 coding. Azeus CMS 2.0 has a SQL injection vulnerability in the background, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in EML Enterprise Address Book Management System

EML enterprise customer address book management system, is based on Linux open kernel and Apache based Php + Mysql intelligent B / S interactive service system. EML enterprise address book management system version 5.4.5 there is a sql injection vulnerability , attackers can exploit the...

SQL Injection Vulnerability in the Frontend of Rongguang Information Ordering and Consumption System (荣光信息订取餐消费系统前台存在SQL注入漏洞)

Rongguang Information Ordering and Picking Up Food Consumption System is a multi-functional ordering system developed by Shenzhen Rongguang Information Co. SQL injection vulnerability exists in the frontend of Rongguang Information Ordering and Consumption System, which can be exploited by...

PbootCMS V1.1.7 SQL Injection Vulnerability in Li***.php Page

PbootCMS is a new core open source enterprise building system developed by Avantech. PbootCMS V1.1.7 Li.php page SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...

DEBIAN-CVE-2018-12482

OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues...

SQL Injection Vulnerability in PHPSHE Mall System

PHPSHE mall system is a combination of product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with online shopping mall construction program. A SQL injection vulnerability exists in PHPSHE Mal...

Chengdu Innovative Internet Technology Co., Ltd. website building system suffers from SQL injection vulnerability

Chengdu Innovative Internet Technology Co., Ltd. mainly provides customers with high-quality Internet services and technology development and other services. Chengdu Innovative Internet Technology Co., Ltd. website building system has a SQL injection vulnerability, which can be exploited by...