8195 matches found

CNVD
added 2017/08/21 12:0 a.m., 2 views

SQL Injection Vulnerability in Xiaowei OA v2.0

Xiaowei OA is a mobile office platform for small and medium-sized enterprises provided by Beijing Xiaowei Help Technology Co., Ltd. A SQL injection vulnerability exists in Xiaowei OA v2.0, which can be exploited by attackers to obtain sensitive information from the database...

7.7 AI score
Exploits: 0
BDU FSTEC
added 2017/08/18 12:0 a.m., 3 views

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in protecting the SQL query structure, allowing attackers to execute arbitrary SQL commands.

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” stems from deficiencies in measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

9.8 CVSS, 8.2 AI score, 0.01472 EPSS
Exploits: 0, References: 7, Affected Software: 1
CNVD
added 2017/08/18 12:0 a.m., 2 views

NexusPHP SQL Injection Vulnerability (CNVD-2017-220459)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in the takeconfirm.php file in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'conusr'...

9.8 CVSS, 10 AI score, 0.01288 EPSS
Exploits: 1, References: 1
CNVD
added 2017/08/18 12:0 a.m., 3 views

NexusPHP SQL Injection Vulnerability

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A SQL injection vulnerability exists in the massmail.php file in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

9.8 CVSS, 10 AI score, 0.01336 EPSS
Exploits: 1, References: 1
CNVD
added 2017/08/17 12:0 a.m., 1 view

Quest KACE Systems Management Appliance SQL Injection Vulnerability

Quest KACE Systems Management Appliance is an IT asset management appliance from Quest Software, USA. A SQL injection vulnerability in the Quest KACE Asset Management Appliance allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain...

9.8 CVSS, 9.8 AI score, 0.01226 EPSS
Exploits: 0, References: 1
CNVD
added 2017/08/08 12:0 a.m., 1 view

SQL Injection Vulnerability in Internet Security Management System of Qingdao Hengxin Technology Development Co.

Qingdao Hengxin Technology Development Co., Ltd. is positioned as a high-tech enterprise specializing in the research and development of computer network and information security technology products. Qingdao Hengxin Technology Development Co., Ltd. Internet security management system SQL injectio...

7.6 AI score
Exploits: 0
CNVD
added 2017/08/08 12:0 a.m., 1 view

SQL Injection Vulnerability in SDMCS V1.1 Frontend

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. A SQL injection vulnerability exists in the SDMCS V1.1 front end because the system does not effectively filter the data submitted by the user; an attacker can exploit the vulnerability to obtain sensitiv...

7.7 AI score
Exploits: 0
CNVD
added 2017/08/08 12:0 a.m., 1 view

SQL Injection Vulnerability in MZD Web Platform of Changsha Spring Culture Communication Co.

MZD network platform software was independently developed by Spring, drawing on years of practical experience with diskless networks and the actual needs of customers. It operates in server/client mode to provide professional diskless guidance services for the client's management...

7.6 AI score
Exploits: 0
CNVD
added 2017/08/08 12:0 a.m., 2 views

SQL Injection Vulnerability in NETS9 Multi-Star System Reference Station Receiver Control Software of Guangzhou Nanfang Satellite Navigation Instrument Co.

The NETS9 is a multi-satellite system reference station receiver. A SQL injection vulnerability exists in the control software of the NETS9 multi-satellite system reference station receiver of Guangzhou Nanfang Satellite Navigation Instrument Co., Ltd. that could be exploited by an attacker to...

7.6 AI score
Exploits: 0
CNVD
added 2017/08/08 12:0 a.m., 4 views

WordPress Loginizer SQL Injection Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability in WordPress Loginizer's handling of the X-Forwarded-For HTTP header allows remote attackers ...

9.8 CVSS, 9.3 AI score, 0.01843 EPSS
Exploits: 1, References: 1
CNVD
added 2017/08/07 12:0 a.m., 4 views

SLiMS SQL Injection Vulnerability

SLiMS 8 Akasia is an open source, free library management system. An SQL injection vulnerability exists in the admin/AJAXlookuphandler.php file, the admin/AJAXcheckid.php file, and the admin/AJAXvocabolarycontrol.php file in SLiMS 8 Akasia 8.3.1 and earlier versions. A remote attacker can exploit...

8.8 CVSS, 9.3 AI score, 0.01745 EPSS
Exploits: 1, References: 1
CNVD
added 2017/08/06 12:0 a.m., 1 view

ShopsN v3.0 SQL Injection Vulnerability in Frontend ProductController.class.php File

ShopsN is a free, open source e-commerce system. The ProductController.class.php file in ShopsN v3.0 beta3 contains a SQL injection vulnerability because the system fails to strictly filter the guess function. Remote attackers can exploit the vulnerability to obtain sensitive database...

8 AI score
Exploits: 0
CNVD
added 2017/08/05 12:0 a.m., 1 view

ShopsN v2.0 frontend CartController.class.php file order_form function has SQL injection vulnerability

ShopsN is a free B2C e-commerce product from Shanghai Yisu Network Technology Co., an open source, whole-network online store system in line with enterprise-class commercial standards. In ShopsN v2.0 beta2, the front-end CartController.class.php in the orderform functi...

7.8 AI score
Exploits: 0
CNVD
added 2017/08/04 12:0 a.m., 1 view

LMS King Professional Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source, cross-platform content management system developed using PHP and MySQL. A SQL injection vulnerability exists in the cpid parameter in Joomla! LMS King Professional, which can be exploited by attackers to access or modify database data...

8.1 AI score
Exploits: 0, References: 1
CNVD
added 2017/08/02 12:0 a.m., 1 view

Multiple vulnerabilities in phpcms V9 front and backend

PHPCMS is a web content management system based on PHP and MySQL. The PHPCMS V9.6.3 backend has reflected XSS and SQL injection vulnerabilities that can bypass the CSRF defense and upload any script file under certain conditions...

7.8 AI score
Exploits: 0
CNVD
added 2017/07/31 12:0 a.m., 2 views

VehicleWorkshop SQL Injection Vulnerability

VehicleWorkshop is an online vehicle management system based on PHP and MySQL. VehicleWorkshop suffers from a SQL injection vulnerability. An attacker could use the vulnerability to access or modify data, or exploit a potential vulnerability in the underlying database...

8 AI score
Exploits: 0, References: 1
CNVD
added 2017/07/28 12:0 a.m., 3 views

Hashtopus SQL Injection Vulnerability

Hashtopus is a cross-platform client-server tool for distributing hash table tasks between multiple computers. A SQL injection vulnerability exists in Hashtopus version 1.5g. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'format' parameter...

8.8 CVSS, 8.6 AI score, 0.0168 EPSS
Exploits: 1, References: 1
CNVD
added 2017/07/18 12:0 a.m., 2 views

Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23890)

Fiyo CMS is a content management system (CMS) for creating CMS templates. A SQL injection vulnerability exists in the /apps/apparticle/controller/editor.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via $_POST['id']...

9.8 CVSS, 10 AI score, 0.00986 EPSS
Exploits: 0, References: 1
OSV
added 2017/07/17 1:18 p.m., 3 views

CVE-2017-1183

IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 4
CNVD
added 2017/07/12 12:0 a.m., 3 views

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System

Hanchao B2B2C multi-user mall system is a multi-user mall website system developed in PHP + MySQL. A SQL injection vulnerability exists in the Shopid parameter of the ajaxshopinfo method because the system fails to strictly filter the parameters provided by t...

8.2 AI score
Exploits: 0