PYSEC-2019-53

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter...

SQL Injection Vulnerability in the front-end pa***.asp file of Eco Times Enterprise Online Bookkeeping Management System

EcoTime Enterprise Online Bookkeeping Management System is an online bookkeeping software for small and medium-sized enterprises, stores, etc. It is suitable for managing cash flow accounts, accounts receivable and payable accounts, as well as company bookkeeping and other related financial...

SQL injection vulnerability in the front-end zh***_mo***.asp file of the online bookkeeping management system of Environmental Times Enterprises (CNVD-2019-06673)

Eco Times Enterprise Online Bookkeeping Management System is a financial online bookkeeping software. There is a SQL injection vulnerability in the zhmo.asp file in the frontend of the EcoTimes Enterprise Online Bookkeeping Management System. An attacker can exploit the vulnerability to obtain...

SQL injection vulnerability in the front-end xi***_mo***.asp file of the Eco Times Enterprise Online Bookkeeping Management System.

Eco Times Business Online Bookkeeping Management System is a financial online bookkeeping software. There is a SQL injection vulnerability in the ximo.asp file in the frontend of the EcoTimes Enterprise Online Bookkeeping Management System. An attacker can exploit the vulnerability to obtain...

SQL Injection Vulnerability in the Front-end us***.asp File of Environmental Times Enterprise Online Bookkeeping Management System

Eco Times Enterprise Online Bookkeeping Management System is a financial online bookkeeping software. SQL injection vulnerability exists in the us.asp file in the frontend of the EcoTimes Enterprise Online Bookkeeping Management System. An attacker can use the vulnerability to obtain sensitive...

ZoneMinder SQL Injection Vulnerability (CNVD-2019-04688)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras and more. ZoneMinder 1.32.3 and earlier versions of skins/classic/views/events.php file has a SQL injection vulnerability , a remote attacker can with the help of 'filterQueryterms0cnj'...

SQL Injection Vulnerability in YCCMS v3.3

YCCMS is a PHP version of a lightweight CMS builder. YCCMS v3.3 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

SQL Injection Vulnerability in Sl***_Pa***.aspx of Bid 1.0 Backend of Qixing Engineering Bidding System

Qixing Bidding System is suitable for enterprises to collect information on government procurement, engineering construction, land grant and other bidding information, and to track the progress of works and payment of successful projects. A sql injection vulnerability exists in the backend...

SQL Injection Vulnerability in the Frontend of Worklog 25.0 System by Kaixin Worklog

Worklog is a B/S based software for structuring intra-enterprise collaborative work. A SQL injection vulnerability exists in the frontend of the Qixing Worklog 25.0 system, which can be exploited by attackers to manipulate the database...

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting

Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1 Introduction ArangoDB is a native multi-model, open-source databa...

SQL injection vulnerability in Ectouch frontend Ex***.cl***.php file

ECTouch is a mobile mall online store system launched by Shanghai Shangchuang Network Technology Co. A SQL injection vulnerability exists in the Ex.cl.php file in the frontend of Ectouch. Attackers can use the vulnerability to obtain sensitive database information...

SQL Injection Vulnerability in Penta Campus Network Application System Management Software

PantoSchool.Net is a complete solution for networked learning schools! A SQL injection vulnerability exists in PantoSchool.Net Application System Management Software. An attacker can exploit the vulnerability to obtain sensitive information from the database...

SQL Injection Vulnerability in the Backend Us***_Ro***.aspx File of Qixing Image & Video Library Gallery v27.0

Qixing Image & Video GalleryGallery is mainly used to store images or videos in the company. A SQL injection vulnerability exists in the backend UsRo.aspx file of Qixing Image & Video Gallery v27.0, which can be exploited by an attacker to obtain sensitive information from the database...

Traq SQL Injection Vulnerability

Traq is a PHP-based project management and issue tracking system. Traq suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to execute illegal SQL commands...

SQL Injection Vulnerability in the Frontend Pr***.ashx Page of eDoc, an Electronic Document Repository

Electronic document library eDoc is a click document management system developed by Anhui Qixing Studio. SQL injection vulnerability exists in the front-end Pr.ashx page of eDoc, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in SemCms Foreign Trade Website Management System (PHP Version) SE***.php Page

SemCms is a set of open source foreign trade enterprise website management system, mainly used for foreign trade enterprises, compatible with IE, Firefox, google, 360 and other mainstream browsers. SemCms foreign trade website management system PHP version SE.php page there is a SQL injection...

SQLite Memory Corruption Vulnerability in Multiple Apple Products

Apple iOS and so on are the products of the United States Apple Apple. Apple iOS is a set of operating systems developed for mobile devices; tvOS is a set of smart TV operating system. SQLite is one of the set of C-based open source embedded relational database management components developed by...

SQL Injection Vulnerability in the Website Building System of Beijing Nightcat Network Technology Co.

Beijing Nightcats Network Technology Co., Ltd. is a company that specializes in providing website building services to users. There is a SQL injection vulnerability in the website building system of Beijing Nightcats Network Technology Co. Ltd, which can be exploited by attackers to obtain...

CVE-2019-6805

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php Oid parameter...

S-CMS Chinese/English Bilingual Decoration Industry Website v3.0 po***.asp page suffers from SQL injection vulnerability

S-CMS Chinese and English bilingual decoration industry website is developed with asp+access, comes with a set of PC templates and a set of WAP templates of Chinese and English bilingual enterprise website system. S-CMS bilingual decoration industry website v3.0po.asp page SQL injection...