7729 matches found
CVE-2017-1347
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462...
SQL Injection Vulnerability in Niushop Goods.php
NiuShop open source mall system is by Shanxi Niu Cool Information Technology Co., Ltd. completely independent design, research and development of a set of PHP open source e-commerce system . NIUSHOP open source mall system goods.php file id parameter SQL injection vulnerability , the program for...
nuevoMailer 'r' Parameter SQL Injection Vulnerability
nuevoMailer is an email marketing software that can be used to manage mailing lists and track autoresponders. A SQL injection vulnerability exists in nuevoMailer 6.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'r'...
SQL Injection Vulnerability in Xiangsoft Smart Campus Platform
Xiangsoft Smart Campus Platform is an informative and intelligent software system. SQL injection vulnerability exists in Xiangsoft Technology Smart Campus Platform. An attacker can use this vulnerability to obtain sensitive information of the database...
SQL Injection Vulnerability in ShopSn V2.0 Mall System
ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd , a full-featured business standards in line with the enterprise-class truly allow free commercial use of open source online store system . ShopSn V2.0 mall system has a SQL injection vulnerability...
Two SQL Injection Vulnerabilities in Axublog Blog System
axublog is a PHP personal blog system. Two SQL injection vulnerabilities exist in Axublog blog system. An attacker can exploit the vulnerabilities to obtain database information...
eCom Cart SQL Injection Vulnerability
A SQL injection vulnerability exists in eCom Cart. The vulnerability allows attackers to obtain sensitive information about the database...
OV3 Online Administration SQL Injection Vulnerability
OV3 Online Administration is an online administration platform. An SQL injection vulnerability exists in OV3 Online Administration. The vulnerability is caused due to input passed via multiple GET and POST parameters including the User-Agent HTTP header not being properly filtered before being...
SQL Injection Vulnerability in Website Building System of Guangzhou Shuntian Computer Technology Co.
Shun Tian Technology is a domestic senior network technology service provider, with international leading website development technology, e-commerce technology, website full range of promotional technology and attentive after-sales customer service team. Guangzhou Shuntian Computer Technology Co....
Shenzhen Sodo technology enterprise station CMS SQL injection vulnerability
Shenzhen Sodo Technology enterprise station CMS is a specialized product for enterprise station building. SQL injection vulnerability exists in Shenzhen Sodo Technology Enterprise Station Building CMS. Attackers can use this vulnerability to obtain database information...
poc
This repository appears to be a collection of proof-of-concept PoC exploits for various vulnerabilities, primarily targeting web applications. The PoCs are written in Python and utilize the Beebeeto framework. The PoCs cover a range of vulnerabilities, including SQL injection, cross-site scriptin...
Schneider Electric U.motion Builder track_import_export remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder trackimportexport. When the export operation is selected in an applet call, the underlying SQLite database query requires SQL injection of the...
SQL Injection Vulnerability in State Micro CMS Attachment Lists
State Micro CMS is one of the mainstream CMS systems in China, is also the largest open source platform provider in the field of PHP in southern China. State Micro CMS attachment list SQL injection vulnerability exists. The vulnerability stems from the attachment list parameter filtering is not...
Schneider Electric U.motion Builder editobject remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder editobject. The underlying SQLite database query requires SQL injection on the type input parameter. A remote attacker could exploit the...
Schneider Electric U.motion Builder SOAP Remote Code Execution Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder SOAP. The system allows SOAP requests to execute arbitrary SQL commands. An attacker could exploit the vulnerability to execute arbitrary...
CVE-2017-6668
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager CUCDM could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...
Xavier SQL Injection Vulnerability
Xavier - PHP is a login script and user management administration panel. Xavier suffers from a SQL injection vulnerability. Allows attackers to exploit the vulnerability to obtain sensitive information...
Openbravo Business Suite SQL Injection Vulnerability
Openbravo Business Suite is a management and business process optimization solution from Openbravo Spain. A SQL injection vulnerability exists in Openbravo Business Suite version 3.0. A remote attacker can exploit this vulnerability to inject arbitrary SQL code...
Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08707)
Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A SQL injection vulnerability exists in Fastspot BigTree CMS 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
TeamPass SQL Injection Vulnerability (CNVD-2017-11316)
TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in the users.queries.php file in versions of TeamPass prior to 2.1.27.4. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...