SQL Injection Vulnerability in Normandy Technology Website Building System
Zhongshan Normandy Information Technology Co., Ltd. is a service organization that provides network informatization for enterprises and institutions. The Normandy Technology website building system has a SQL injection vulnerability that attackers can use to obtain sensitive information in...
Trape SQL Injection Vulnerability (CNVD-2019-22230)
Trape is a suite of open source Internet tracking and identification tools. The tool is capable of remotely identifying sessions and simulating phishing attacks. A SQL injection vulnerability exists in Trape 2019-05-08 and prior versions. The vulnerability stems from a lack of validation of...
openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...
SQL Injection Vulnerability in Electronic Service System V2.0 of Gansu Chengxing Information Technology Co.
Gansu Chengxing Information Technology Co., Ltd. developed to meet the needs of various types of public resource transactions, can provide timely, reliable and effective support for the Chengxing public resource trading platform. Gansu Chengxing Information Technology Co., Ltd. electronic service...
SQL Injection Vulnerability in AIT CMS
Hainan Zanzan Network Technology Co., Ltd. is a professional website construction, network services, operation technology output network company in the industry. There is a SQL injection vulnerability in AIT CMS, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Zhongyan Ruihua Video Surveillance Management Platform
Ningbo Zhongyan Ruihua Digital Technology Co., Ltd. (formerly Oriental Ruihua) develops and sells "RUIHUA" Ruihua 3G wireless video surveillance, cell phone video surveillance, wireless data transmission, software development and other product series. A SQL injection vulnerability exists in Ruihua...
SQL Injection Vulnerability in Beijing Night Cat Website Building System
Beijing Nightcats Tiancheng Network Technology Co., Ltd., referred to as Nightcats Network, is a professional website design and website construction service provider. There is a SQL injection vulnerability in the Beijing Nightcats website building system, which can be exploited by attackers to obtain...
Couchbase Sync Gateway SQL Injection Vulnerability
Couchbase Sync Gateway is a secure Web gateway for data access and data synchronization over the Web from Couchbase Inc. in the United States. A SQL injection vulnerability exists in the REST API in Couchbase Sync Gateway version 2.1.2 Couchbase Server. An attacker could exploit the vulnerability...
The vulnerability in the platform for creating a unified database and electronic registration of residential properties, “BAR.- ”, exists due to a failure to neutralize special elements used in SQL queries. This allows an attacker to obtain the contents of the database.
The vulnerability in the platform for creating a unified database and electronic registration of residential properties, “BAR.- ”, exists due to the failure to take measures to neutralize special elements used in SQL queries. Exploiting this vulnerability can allow an attacker, operating remotely...
CSZ CMS SQL Injection Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). A SQL injection vulnerability exists in the core/MYSecurity.php file in CSZ CMS version 1.2.2 prior to 2019-06-20. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based application...
SQL Injection Vulnerability in Enterprise Side Internet Integrated Management Platform
Beijing Yahong Century Technology Development Co., Ltd. is a technology company specializing in Internet spatial data governance, network and information security and data value-added solutions and services. An SQL injection vulnerability exists in the Enterprise Side Internet Integrated Manageme...
Apache Fineract SQL Injection Vulnerability (CNVD-2019-19050)
Apache Fineract is an open source digital financial services platform from the Apache Software Foundation in the U.S. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. An SQL injection vulnerability...
Mito website building system has information leakage vulnerability
The metinfo mito system is an enterprise website management system built on a PHP and MySQL architecture. Version 6.2.0 of the metinfo website builder system has an information leakage vulnerability that can be exploited by attackers to download SQL files and obtain sensitive information...
CVE-2019-12149
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands...
Cloudera Data Science Workbench SQL Injection Vulnerability
Cloudera Data Science Workbench (CDSW) is a data science platform from Cloudera. The platform provides organizations with fast, easy and secure self-service data science support. A SQL injection vulnerability exists in Cloudera CDSW versions 1.4.0 through 1.4.2. The vulnerability stems fr...
HotelDruid SQL Injection Vulnerability (CNVD-2019-17320)
HotelDruid is a hotel management system from the DigitalDruid.Net team. The system includes features such as room management, financial management and inventory management. A SQL injection vulnerability exists in HotelDruid versions prior to 2.3.1. The vulnerability stems from a lack of validatio...
SalesAgility SuiteCRM SQL Injection Vulnerability (CNVD-2019-16997)
SalesAgility SuiteCRM is an enterprise-grade open source customer relationship management (CRM) suite. A SQL injection vulnerability exists in SalesAgility SuiteCRM versions 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5, which can be exploited by an attacker to execute illegal SQL commands...
ZOHO ManageEngine Netflow Analyzer SQL Injection Vulnerability
ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. A SQL injection vulnerability exists in ZOHO ManageEngine Netflow Analyzer /client/api/json/v2/nfareports/compareReport, which can be exploited by remote attackers to submit a specially crafted SQL request to...
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers ...
SQL Injection Vulnerability in One-Card System of Zhengzhou Xinkai Pu Electronic Technology Co.
Zhengzhou New Cape Electronic Technology Co., Ltd. is a company whose main business scope includes computer system integration, development and operation and maintenance, software, smart card machines and other projects. The one-card system of Zhengzhou XinKaipu Electronic Technology Co., Ltd. has a...