CVE-2017-17897

SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

PT-2017-15082 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 6.0.4 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the id parameter in the comm/multiprix.php file. Recommendations: For version 6.0.4, consider...

F5 BIG-IP Advanced Firewall Manager Configuration utility SQL Injection Vulnerability

F5 BIG-IP Advanced Firewall Manager AFM is a firewall manager from F5 USA that scales to stop high-volume DDoS attacks that can overwhelm load balancers, firewalls, and even networks.The Configuration utility... An SQL injection vulnerability exists in Configuration utility in F5 BIG-IP AFM. A...

Ecava IntegraXor SQL Injection Vulnerability (CNVD-2017-37693)

Ecava IntegraXor is a toolset for creating and running human-machine interfaces for Web-based SCADA systems. Ecava IntegraXor suffers from a SQL injection vulnerability that can be exploited by an attacker to compromise an application, access or modify data, or exploit a potential vulnerability i...

Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37634)

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUBackup ClientList method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly detect user-submitted strings...

Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37630)

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability exists in the handling of NVBUBackup Get method requests in Quest NetVault Backup versions prior to 11.4.5, which stems from the program failing to properly detect user-submitted strin...

Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37642)

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUTransferHistory Get method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly detect user-submitted strings...

Quest NetVault Backup 'NVBUBackupOptionSet Get' Method SQL Injection Vulnerability

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. An SQL injection vulnerability exists in the handling of NVBUBackupOptionSet Get method requests in Quest NetVault Backup, which stems from the program failing to properly validate user-submitted strings before...

Apple Web Design's iWeb 5.1 Responsive Website System Has SQL Injection Vulnerability

Apple Web Design is a web marketing company that integrates web marketing, keyword marketing and other web marketing companies. An SQL injection vulnerability exists in Apple Web Design's iWeb 5.1 responsive website system. The vulnerability is caused due to the system failing to effectively filt...

PHP Scripts Mall Doctor Search Script SQL Injection Vulnerability

PHP Scripts Mall Doctor Search Script is a PHP based online doctor search website script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Doctor Search Script version 1.0. The vulnerability can be exploited by a remote attacker to inject SQL commands by sending...

FS Quibids Clone SQL Injection Vulnerability

FS Quibids Clone is a set of online auction website scripts based on PHP and MySQL. A SQL injection vulnerability exists in FS Quibids Clone version 1.0. A remote attacker can inject SQL commands by sending the 'productid' parameter to the itechd.php file...

PHP Scripts Mall Yoga Class Script SQL Injection Vulnerability

PHP Scripts Mall Yoga Class Script is a PHP-based yoga class management script for yoga centers from PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Yoga Class Script version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands...

PHP Scripts Mall Event Search Script SQL Injection Vulnerability

PHP Scripts Mall Event Search Script is a PHP based online event registration script from PHP Scripts Mall India. The script can be embedded into a website and accept online event bookings from other organizations or companies. A SQL injection vulnerability exists in PHP Scripts Mall Event Search...

PHP Scripts Mall Freelance Website Script SQL Injection Vulnerability

PHP Scripts Mall Freelance Website Script is a set of PHP based freelance online job search, recruitment website script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Freelance Website Script version 2.0.6. The vulnerability can be exploited to inject SQL...

PHP Scripts Mall Co-work Space Search Script SQL Injection Vulnerability

PHP Scripts Mall Co-work Space Search Script is a set of PHP based shared space search script by PHP Scripts Mall India. The script supports users to list workspace websites, amenities, location details, contact information etc. A SQL injection vulnerability exists in PHP Scripts Mall Co-work Spa...

Zhengzhou DynaSky Culture Communication Co., Ltd. website construction system SQL injection vulnerability

Zhengzhou Prime Technology Co., Ltd. specializes in providing customers with online business solutions in the field of information technology. Zhengzhou DynaSky Culture Communication Co., Ltd. website construction system has a SQL injection vulnerability, which can be exploited by attackers to...

CVE-2017-17609

Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter...

Techno Portfolio Management Panel 'id' SQL Injection Vulnerability

Techno is a portfolio management administration panel. A SQL injection vulnerability exists in Techno Portfolio Management Panel 'id'. An attacker can exploit this vulnerability to inject SQL commands via a single.php?id= request...

SQL Injection Vulnerability in Website Building System of Suzhou Leyi Network Technology Co.

Suzhou Leyi Network Technology Co., Ltd. is a network company specializing in enterprise website construction and e-commerce services, providing network promotion and marketing in one of the professional services. Suzhou Leyi Network Technology Co., Ltd. website building system SQL injection...

SQL Injection Vulnerability in NetMizer Log Management System dologin.php File

The NetMizer log management system is a stand-alone log management and analysis tool. A SQL injection vulnerability exists in the NetMizer Log Management System dologin.php file. The vulnerability is due to the system failing to effectively filter user-submitted data. An attacker is allowed to...