SQL Injection Vulnerability in B2C_UQ Cloud Business System (CNVD-2019-18481)

UQ Cloud Business System B2C version is a compact e-commerce system, the platform is developed by PHP7.0+Mysql. B2CUQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

Quest Software Kace K1000 Appliance SQL Injection Vulnerability

Quest Software Kace K1000 Appliance is a system management appliance from Quest Software, USA. The product is used for software license management, patch and endpoint security management, software distribution and server monitoring functions. A SQL injection vulnerability exists in Quest Kace K10...

IBM PureApplication System SQL Injection Vulnerability

IBM PureApplication System is a platform system from IBM USA designed for transactional Web and database applications. The system is capable of handling workloads and can be maintained and updated from a single console for all configurations. A SQL injection vulnerability exists in IBM...

SQL Injection Vulnerability in the Website Management System of Henan Lisuo Internet Information Technology Co.

Henan Lisuo Internet Information Technology Co., Ltd. is an Internet comprehensive service organization. There is a SQL injection vulnerability in the website management system of Henan Lisuo Internet Information Technology Co., Ltd, which can be exploited by attackers to obtain sensitive...

CVE-2019-10123

SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...

Vtiger CRM SQL Injection Vulnerability (CNVD-2019-16507)

Vtiger CRM is a set of customer relationship management system CRM based on SugarCRM developed by American Vtiger. The management system provides management, collection and analysis of customer information and other functions. A SQL injection vulnerability exists in the...

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to input validation errors. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries by sending specially...

SQL Injection Vulnerability in Tpshop Us***.php Page at Member Information

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the member information of the Tpshop Us.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL Injection Vulnerability in Tpshop v3.5 Sm***.php Page

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 Sm.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL Injection Vulnerability in Tpshop v3.5 Ar***.php Page

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 Ar.php page. An attacker can exploit the vulnerability to obtain sensitive information from the database...

SQL injection vulnerability in Tpshop v3.5 To***.php page (CNVD-2019-17503)

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 To.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL injection vulnerability in Tpshop v3.5 Us***.php page (CNVD-2019-17500)

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 Us.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

PETRAWARE Technologies pTransformer Advanced Document Capture SQL Injection Vulnerability

PETRAWARE Technologies pTransformer Advanced Document Capture ADC is a suite of advanced document capture and categorization solutions from PETRAWARE Technologies, Malaysia. The product supports distributed document capture, automatic indexing, optical character recognition and automatic data...

WordPress WPGraphQL Access Control Error Vulnerability (CNVD-2019-27674)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WPGraphQL is a plugin that provides an extensible GraphQL architecture and API for WordPress sites. An access control error vulnerabili...

ZZCMS suffers from SQL injection vulnerability

ZZCMS is a content management system CMS by the ZZCMS team in China. ZZCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

Computrols CBAS Web SQL Injection Vulnerability

CBAS Web is a Web-based building management system BMS from Computrols. A SQL injection vulnerability exists in Computrols CBAS Web. The vulnerability stems from improper validation of parameters passed to different scripts. A remote authenticated attacker could exploit the vulnerability to execu...

SQL Injection Vulnerability in SemCms

SemCms is an open source foreign trade enterprise website management system, mainly used for foreign trade enterprises. SemCms SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive database information...

CommSy SQL Injection Vulnerability

Commsy is a Web-based, open source community system for project management. A SQL injection vulnerability exists in CommSy version 8.6.5. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerabili...

CVE-2019-1824

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

OpenProject SQL Injection Vulnerability

OpenProject is an open source Web-based project management software . The software has project planning , task management , bug tracking and cost budgeting and other functions . A SQL injection vulnerability exists in OpenProject versions 5.0.0 through 8.3.1. The vulnerability stems from a lack o...