SQL Injection Vulnerability in SDMCS V1.1 Frontend

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDMCS V1.1 SQL injection vulnerability exists in the front-end, due to the system does not effectively filter the data submitted by the user, the attacker can exploit the vulnerability to obtain sensitiv...

SLiMS SQL Injection Vulnerability

SLiMS 8 Akasia is an open source, free library management system. An SQL injection vulnerability exists in the admin/AJAXlookuphandler.php file, the admin/AJAXcheckid.php file, and the admin/AJAXvocabolarycontrol.php file in SLiMS 8 Akasia 8.3.1 and earlier versions. A remote attacker can exploit...

ShopsN v3.0 SQL Injection Vulnerability in Frontend ProductController.class.php File

ShopsN is a free e-commerce open source system. ShopsN v3.0 beta3 version ProductController.class.php file contains a SQL injection vulnerability , due to the system failed to strictly filter the guess function . Remote attackers can exploit the vulnerability to obtain sensitive database...

ShopsN v2.0 frontend CartController.class.php file order_form function has SQL injection vulnerability

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co. An open source online store in line with enterprise-class commercial standards of the whole network system. In ShopsN v2.0 beta2 version of the front-end CartController.class.php in the orderform functi...

LMS King Professional Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source, cross-platform content management system developed using PHP and MySQL. A SQL injection vulnerability exists in the cpid parameter in Joomla! LMS King Professional, which can be exploited by attackers to access or modify database data...

Multiple vulnerabilities in phpcms V9 front and backend

PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9.6.3 backend has a reflective XSS and SQL injection vulnerability that can bypass the CSRF defense and upload any script file under certain conditions...

VehicleWorkshop SQL Injection Vulnerability

VehicleWorkshop is an online vehicle management system based on PHP and MySQL. VehicleWorkshop suffers from a SQL injection vulnerability. An attacker could use the vulnerability to access or modify data, or exploit a potential vulnerability in the underlying database...

Hashtopus SQL Injection Vulnerability

Hashtopus is a cross-platform client-server tool for distributing hash table tasks between multiple computers. A SQL injection vulnerability exists in Hashtopus version 1.5g. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'format' parameter...

Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23890)

Fiyo CMS is a content management system CMS for creating CMS templates. A SQL injection vulnerability exists in the /apps/apparticle/controller/editor.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of $POST'id'...

CVE-2017-1183

IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494...

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C multi-user mall system Shopid parameter, ajaxshopinfo method SQL injection vulnerability exists because the system fails to strictly filter the parameters provided by t...

SQL Injection Vulnerability in phpaaCMS

phpaaCMS is a simple article management system. A SQL injection vulnerability exists in /admin/category.add.php in phpaaCMS v0.5, which can be exploited by attackers to obtain sensitive information about the database...

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System Submit_service Method

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C multi-user mall system submitservice method exists SQL injection vulnerability, due to the system failed to strictly filter the parameters provided by the user. An...

EMC Data Protection SQL Injection Vulnerability

EMC Data Protection Advisor is a data protection management solution from EMC Corporation. The solution supports automated and centralized execution of all such data collection and analysis, as well as obtaining a single comprehensive view of the data protection environment and activities. A SQL...

Aruba Networks ClearPass Policy Manager SQL Injection Vulnerability

Aruba Networks ClearPass Policy Manager is a BYOD network access control policy enforcement platform. An SQL injection vulnerability in Aruba Networks ClearPass Policy Manager allows remote attackers to construct malicious URIs, trick users into parsing them, and perform malicious actions in the...

IBM Maximo Asset Management SQL Injection Vulnerability (CNVD-2017-21753)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. An SQL injectio...

Piwigo SQL Injection Vulnerability

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A SQL injection vulnerability exists in the administrative backend of Piwigo 2.9.1 and previous versions. A remote attack...

SQL Injection Vulnerability in appcms comment.php

APPCMS is a professional APP content management system. APPCMS comment.php suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain sensitive database information or perform unauthorized operations...

Treehugger External Link System suffers from SQL Injection Vulnerability

Tree Hole external chain system is a free open source PHP external chain network disk system , support for a variety of storage methods , multi-user system . Tree Hole external link system in shudong\views\userFiles file in the existence of SQL injection vulnerability , due to the failure of the...

SQL Injection Vulnerability in addr_edite Method of ShopSn V2.0 Mall System

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of the open source online store full network system. A SQL injection vulnerability exists in the userid parameter in the addredite method o...