SQL Injection Vulnerability in PHPMyWind Backend

PHPMyWind is a PHP+MySQL based, W3C compliant website building engine for enterprise level website building. A SQL injection vulnerability exists in the backend of PHPMyWind. An attacker can exploit the vulnerability to obtain sensitive database information...

PbootCMS V1.2.1 SQL Injection Vulnerability in Frontend

PbootCMS is a new core open source enterprise building system developed by Avantech. PbootCMS V1.2.1 has a SQL injection vulnerability in the frontend, which can be exploited by attackers to obtain sensitive information...

Naviwebs Navigate CMS SQL Injection Vulnerability

Naviwebs Navigate CMS is an open source content management system CMS. A SQL injection vulnerability exists in the login.php file in Naviwebs Navigate CMS version 2.8. A remote attacker can exploit the vulnerability to bypass authentication...

The vulnerability of the Android operating system’s component loading manager allows attackers to disclose sensitive information that is protected by security measures.

The vulnerability of the Android operating system’s component loading manager is related to insufficient protection of the SQL query structure. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information...

CVE-2018-1819

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end databas...

Multiple vulnerabilities in Denbun

Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...

Component AlphaIndex Dictionaries SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Joomla! component AlphaIndex Dictionaries. The vulnerability is caused by an attacker inserting SQL commands into the query string of a w...

Component Collection Factory SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Collection Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...

Component Swap Factory SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Swap Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form submission or...

Penny Auction Factory SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Penny Auction Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...

Component Raffle Factory SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Joomla! component Raffle Factory. The vulnerability is caused by inserting SQL commands into the query string of a web form submission or...

Joomla! CWJoomla CW Article Attachments SQL Injection Vulnerability

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other functions.CWJoomla CW Article Attachments is used in which an attachment to add management plug-ins. A SQL injection vulnerability exists...

SQL injection vulnerability in ShopsN open source online store full web system (CNVD-2018-21970)

ShopsN free version of the B2C e-commerce is a Shanghai Yisu Network Technology Co., Ltd. in line with the enterprise-level commercial standards full-featured really allow free commercial use of open source online store full network system. ShopsN v2.3.5 official version of the existence of SQL...

CVE-2018-17283

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

SQL Injection Vulnerability in PbootCMS v1.2.1

PbootCMS is a new core open source enterprise building system developed by Avantech. PbootCMS v1.2.1 suffers from SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...

zzcms SQL Injection Vulnerability (CNVD-2018-19742)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the /user/check.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to execute SQL commands with the help of Client-Ip HTTP packet header...

UCMS SQL Injection Vulnerability

UCMS is a content management system written in PHP. A SQL injection vulnerability exists in the install/index.php file in UCMS version 1.4.6. A remote attacker can exploit this vulnerability to execute SQL commands with the help of the 'mysqldbname' parameter...

Frappe ERPNext SQL Injection Vulnerability (CNVD-2019-17164)

Frappe ERPNext is an open source ERP Enterprise Resource Planning system. The system includes functions for financial management, inventory management, customer relationship management, project management and human resource management. A SQL injection vulnerability exists in the 'searchfield'...

CVE-2016-9048

Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially...

CVE-2018-16663

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parserelations in os/storage/antelope/aql-parser.c while parsing AQL storage of relations...