
3943 matches found

OSV
added 2018/04/04 12:29 a.m. | 1 view

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a ?php substring, and then using INTO OUTFILE wit...

CVSS 9.8 | AI score 6.1
Exploits 0 | References 1

OSV
added 2018/03/06 7:29 p.m. | 3 views

CVE-2018-7735

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=listfiletypes request...

CVSS 7.2 | AI score 5.8 | EPSS 0.00859
Exploits 1 | References 3

Cvelist
added 2018/03/06 7:0 p.m. | 20 views

CVE-2018-7735

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata&section=cpanel&page=listfiletypes request...

AI score 7.5 | EPSS 0.00859
Exploits 1 | References 3

Cvelist
added 2018/03/06 7:0 p.m. | 12 views

CVE-2018-7734

Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request...

AI score 7.5 | EPSS 0.00859
Exploits 1 | References 3

OSV
added 2018/02/15 10:29 p.m. | 1 view

CVE-2017-5814

A remote SQL injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found...

CVSS 9.8 | AI score 5.8 | EPSS 0.23574
Exploits 0 | References 3

CVE
added 2018/02/15 10:0 p.m. | 42 views

CVE-2017-5814

CVE-2017-5814 is a remote SQL injection authentication bypass affecting HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The vulnerability stems from a SQL injection flaw used to bypass authentication, enabling an attacker to potentially access the application and back-end data...

CVSS 10 | AI score 9.8 | EPSS 0.23574
Exploits 0 | References 3 | Affected Software 1

CVE
added 2018/02/15 10:0 p.m. | 60 views

CVE-2017-5810

CVE-2017-5810 is a remote SQL injection in HP Network Automation, affecting 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. The issue arises in the RedirectServlet due to insufficient sanitization of certain HTTP request parameters, enabling an unauthenticated or remote attacker to inject SQL and potentially...

CVSS 9.8 | AI score 9.6 | EPSS 0.11909
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2018/02/15 10:0 p.m. | 15 views

CVE-2017-5810

A remote SQL injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x was found...

AI score 9.7 | EPSS 0.11909
Exploits 0 | References 3

Cvelist
added 2017/09/29 8:0 a.m. | 12 views

CVE-2017-14738

FileRun version 2017.09.18 and below suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module under the search function...

AI score 9.8 | EPSS 0.06269
Exploits 5 | References 3

CNVD
added 2017/09/15 12:0 a.m. | 1 view

WordPress Membership Simplified SQL Injection Vulnerability

WordPress Membership Simplified is a WordPress-specific membership plugin developed by American software developer William. A SQL injection vulnerability exists in the code of the membership-simplified-for-oap-members-only/updateDB.php file in WordPress Membership Simplified version 1.58, which...

CVSS 9.8 | AI score 8.6 | EPSS 0.0601
Exploits 1 | References 1

CNVD
added 2017/09/15 12:0 a.m. | 1 view

Wordpress plugin image-gallery-with-slideshow SQL injection vulnerability

WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The WordPress plugin image-gallery-with-slideshow has a SQL injection vulnerability; the vulnerability stems from the program failing t...

CVSS 9.8 | AI score 8.2 | EPSS 0.10327
Exploits 1 | References 1

CNVD
added 2017/09/15 12:0 a.m. | 3 views

WordPress Event Expresso Free SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language; the platform supports personal blog sites set up on PHP and MySQL servers. Event Expresso Free is an event management plugin. A SQL injection vulnerability exists in WordPress Event...

CVSS 8.8 | AI score 9.2 | EPSS 0.00874
Exploits 1 | References 1

OSV
added 2017/09/11 9:29 a.m. | 0 views

UBUNTU-CVE-2017-14242

SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...

CVSS 9.8 | AI score 7.7 | EPSS 0.00342
Exploits 0 | References 2

OSV
added 2017/01/23 9:59 p.m. | 1 view

CVE-2016-5742

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 9.8 | AI score 6.1 | EPSS 0.01022
Exploits 0 | References 5

CNVD
added 2016/12/22 12:0 a.m. | 1 view

dotCMS 'stName' Parameter SQL Injection Vulnerability

dotCMS is a content management system (CMS) developed in Java. A SQL injection vulnerability exists in the 'stName' parameter in dotCMS versions prior to 3.3.2, which allows remote attackers to execute arbitrary SQL commands via the stName parameter in api/content/save/1...

CVSS 9.8 | AI score 8.7 | EPSS 0.0074
Exploits 0 | References 1

Vulnerability Lab
added 2016/11/22 12:0 a.m. | 28 views

Schoolhos CMS v2.29 - userberita SQL injection Vulnerability

Document Title: Schoolhos CMS v2.29 - userberita SQL injection Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1932
Release Date: 2016-11-22
Vulnerability Laboratory ID (VL-ID): ...

AI score 0.6
Exploits 0

OpenVAS
added 2016/09/12 12:0 a.m. | 14 views

phpIPAM <= 1.2.1 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities...

AI score 7.3
Exploits 0 | References 2

CNVD
added 2016/08/31 12:0 a.m. | 6 views

vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability

vBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...

CVSS 9.8 | AI score 9.9 | EPSS 0.8643
Exploits 7 | References 1

0day.today
added 2016/08/08 12:0 a.m. | 58 views

PHPCollab CMS 2.5 - (emailusers.php) SQL Injection

Exploit for php platform in category web applications
Document Title: phpCollab v2.5 CMS - SQL Injection Vulnerability
Product & Service Introduction: phpCollab is an open source internet-enabled system for use in projects that require collaboration...

AI score 7.1
Exploits 0

CNVD
added 2016/05/21 12:0 a.m. | 1 view

Hi Technology & Services CMS SQL Injection Vulnerability

Hi Technology & Services CMS suffers from a SQL injection vulnerability that allows remote attackers to execute malicious SQL commands to connect to the DBMS...

AI score 8.6
Exploits 0 | References 1