CVE-2017-12364

A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An...

SQL Injection Vulnerability in ECShop 3.0.0

ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is based on PHP language and MYSQL database structure development of cross-platform open source program. A SQL injection vulnerability exists in the...

ShyPost Enterprise Management System suffers from SQL Injection Vulnerability

ShyPost Enterprise Management System is a set of intelligent ASP-based website building software. ShyPost Enterprise Management System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

Serendipity blog component SQL injection vulnerability

Serendipity is a PHP-based blogging system. The system supports the creation of online diaries, blogs, web pages, etc. blog component is one of the blogging components. A SQL injection vulnerability exists in the blog component in Serendipity version 2.0.3. A remote attacker can exploit this...

Hefei Chenguang Electronic Technology Co., Ltd. website construction system multiple parameters exist SQL injection vulnerability

Hefei Chenguang Electronic Technology Co., Ltd. is a domestic Internet operation service provider with technical strength and rich experience in website construction and operation. Hefei Chenguang Electronic Technology Co., Ltd. website construction system has SQL injection vulnerability in sever...

SQL Injection Vulnerability in ThinkLC Classifieds Expand.php Page

ThinkLC Classified Information System is a local classified information system built on PHP+MYSQL development. A SQL injection vulnerability exists in the thinkLC Classified Information System expand.php page. The vulnerability is caused due to the system failing to effectively filter...

Cisco Unified Communications Manager SQL Injection Vulnerability

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. sql database interface is one of...

SQL injection vulnerability in YxtCMF frontend ShitiController.class.php page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the YxtCMF frontend ShitiController.class.php page. The vulnerability is due to the system failing to effectively filter...

ZOHO ManageEngine Applications Manager SQL Injection Vulnerability (CNVD-2017-37248)

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. A SQL injection...

SQL Injection Vulnerability in Ming Enterprise Technology Website Construction System

Shanghai Ming Enterprise Information Technology Co., Ltd Ming Enterprise Technology is engaged in website construction, network marketing, domain name hosting and Internet application development. A SQL injection vulnerability exists in Ming Enterprise's website construction system. The...

CVE-2017-12302

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-suppli...

SQL injection vulnerability in shownews.hb page of website building system of Jiangxi Huabang Media Co.

Jiangxi Huabang Media Co., Ltd. is a comprehensive IT company integrating enterprise informationization construction, network development and Internet marketing. There is a SQL injection vulnerability in the shownews.hb page of the website building system of Jiangxi Huabang Media Co. The...

SQL Injection Vulnerability in News.asp Page of Frontier Technology Website Building System

Zaozhuang Frontier Technology Co., Ltd. is a technology enterprise engaged in software technology services. A SQL injection vulnerability exists in the news.asp page of Frontier Technology's website construction system. An attacker can exploit this vulnerability to obtain sensitive information fr...

SQL Injection Vulnerability in auxblogcms 1.0.6

auxblogcms is a php personal blog system based on PHP+MySQL program. auxblogcms 1.0.6 suffers from a SQL injection vulnerability, which is caused due to the system failing to filter parameters effectively. An attacker can exploit this vulnerability to obtain sensitive database information...

SQL Injection Vulnerability in Anqing One Point Website Construction System

Anqing One Point Information Technology Co., Ltd. is Anqing set of website construction, government management software, office management software, microcontroller software development, sales; system integration, integrated wiring, server hosting, computer office equipment and consumables sales,...

SQL Injection Vulnerability in the Frontend of Esaote E3 Omni-Channel Retail Management Software

E3 omni-channel retail management software is Esaote's e-commerce ERP system for online sales in the fashion industry, integrating Taobao interface, independent B2C mall system, advanced order processing system, logistics and warehousing system, network marketing and promotion system, and...

SQL Injection Vulnerability in Tonglian Da3 Collaboration Office Platform

Tonglian Da3 cooperative office platform is a series of Da3 management software products provided by Tonglian for governmental units at all levels, focusing on "mobile government office". There is a SQL injection vulnerability in the Da3 collaborative office platform, which can be exploited by an...

D-Park Pro Domain Parking Script SQL Injection Vulnerability

D-Park Pro Domain Parking Script is a domain parking script. A SQL injection vulnerability exists in D-Park Pro Domain Parking Script version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands...

Vastal I-Tech Agent Zone SQL Injection Vulnerability

Vastal I-Tech Agent Zone aka The Real Estate Script is a real estate website management system. A SQL injection vulnerability exists in Vastal I-Tech Agent Zone aka The Real Estate Script. A remote attacker can exploit this vulnerability to inject SQL commands...

SQL Injection Vulnerability in Axublog v1.0.6 hit.php Page

Axublog is a PHP personal blog system. A SQL injection vulnerability exists in the Axublog v1.0.6 hit.php page. An attacker can exploit this vulnerability to obtain sensitive database information...