534 matches found

OSV
added 2019/03/28 7:29 p.m. | 1 view

CVE-2019-9204

SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...

CVSS 9.8 | AI score 7.5 | EPSS 0.0403
Exploits: 3 | References: 2

OSV
added 2019/02/05 6:29 a.m. | 2 views

CVE-2017-18362

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all...

CVSS 9.8 | AI score 6 | EPSS 0.80299
Exploits: 1 | References: 4

OSV
added 2019/01/12 2:29 a.m. | 2 views

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...

CVSS 8.8 | AI score 7.6
Exploits: 0 | References: 1

OSV
added 2019/01/10 6:29 p.m. | 1 view

CVE-2018-16803

In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 3

CNVD
added 2018/10/27 12:0 a.m. | 1 view

Directory Traversal Vulnerability in Changchun Lingzhan Software Company's College Academic Affairs Management System v6.0

Changchun Lingzhan Software Co., Ltd. is a high-tech enterprise specializing in the development and sale of application software for the education industry. A directory traversal vulnerability exists in the Changchun Lingzhan Software Co. An attacker can exploit the vulnerability by traversing th...

AI score 7.3
Exploits: 0

CNVD
added 2018/10/15 12:0 a.m. | 3 views

youke365 SQL Injection Vulnerability

youke365 is an open source navigation management system. The admin/login.html page in version 1.1.5 of youke365 suffers from a SQL injection vulnerability that can be exploited by remote attackers to execute arbitrary SQL commands...

CVSS 9.8 | AI score 10 | EPSS 0.0025
Exploits: 1 | References: 1

CNVD
added 2018/09/21 12:0 a.m. | 5 views

WordPress Arigato Autoresponder and Newsletter SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Arigato Autoresponder and Newsletter is an autoresponder plugin that is used in... A SQL injection vulnerability exists in WordPress...

CVSS 7.2 | AI score 8.4 | EPSS 0.04057
Exploits: 5 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

Multiple Vulnerabilities in MySQL Smart Reports 'id'

MySQL Smart Reports is a complete solution for generating reports using existing MySQL databases. An attacker can exploit this vulnerability to execute arbitrary SQL commands. A SQL injection and cross-site scripting vulnerability exists in MySQL Smart Reports 'id'. An attacker can exploit this...

AI score 7.5
Exploits: 0 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

MySQL Blob Uploader 'home-filet-edit.php' SQL Injection Vulnerability

MySQL Blob Uploader is a database file upload script. MySQL Blob Uploader 'home-filet-edit.php' suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

AI score 8.6
Exploits: 0 | References: 1

OSV
added 2018/05/23 4:29 p.m. | 1 view

CVE-2018-10351

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...

CVSS 8.8 | AI score 6.1
Exploits: 0 | References: 2

OSV
added 2018/05/23 4:29 p.m. | 2 views

CVE-2018-10352

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability...

CVSS 8.8 | AI score 6.1 | EPSS 0.01728
Exploits: 0 | References: 2

CNVD
added 2018/05/17 12:0 a.m. | 1 view

ProjectPier PHP Remote File Inclusion Vulnerability

Project Pier is a free open source project management system. A PHP remote file inclusion vulnerability exists in the public/patch/patch.php file in Project Pier 0.8.8 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands or SQL statements with the...

CVSS 9.8 | AI score 8.2 | EPSS 0.01161
Exploits: 2 | References: 1

Packet Storm
added 2018/04/23 12:0 a.m. | 41 views

phpMyAdmin Cross Site Request Forgery

Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...

AI score 0.9 | EPSS 0.0065
Exploits: 5

BDU FSTEC
added 2018/04/20 12:0 a.m. | 0 views

The vulnerability of the policy.jsp script in the Email Encryption Gateway allows a hacker to execute arbitrary SQL queries.

The vulnerability of the policy.jsp script in the Email Encryption Gateway system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the hidEditld parameter...

CVSS 10 | AI score 6 | EPSS 0.03467
Exploits: 5 | References: 5 | Affected Software: 1

OSV
added 2018/04/19 2:29 p.m. | 1 view

DEBIAN-CVE-2018-10188

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...

CVSS 8.8 | AI score 8.1 | EPSS 0.0065
Exploits: 5 | References: 1

OSV
added 2018/04/19 2:29 p.m. | 16 views

CVE-2018-10188

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...

CVSS 8.8 | AI score 9.3
Exploits: 0 | References: 4

phpMyAdmin
added 2018/04/17 12:0 a.m. | 56 views

CSRF vulnerability allowing arbitrary SQL execution

PMASA-2018-2
Announcement-ID: PMASA-2018-2
Date: 2018-04-17
Summary: CSRF vulnerability allowing arbitrary SQL execution
Description: By deceiving a user to click on a crafted URL, it is possible for an attacker to execute arbitrary SQL commands.
Severity: We consider this vulnerability to be...

CVSS 8.8 | AI score 7.6 | EPSS 0.0065
Exploits: 5 | Affected Software: 1

CNVD
added 2018/04/04 12:0 a.m. | 2 views

GxlcmsQY Arbitrary PHP Code Execution Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the 'upsql' function in the \Lib\Lib\Action\Admin\DataAction.class.php file in Gxlcms QY version 1.0.0713. A remote attacker can exploit this vulnerability by executing arbitrary SQL statements with the help of...

CVSS 9.8 | AI score 8 | EPSS 0.00944
Exploits: 1 | References: 1

OSV
added 2018/02/14 12:29 p.m. | 2 views

CVE-2018-2373

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0...

CVSS 7.5 | AI score 5.9 | EPSS 0.00774
Exploits: 0 | References: 2

Fedora
added 2018/01/02 4:29 p.m. | 17 views

[SECURITY] Fedora 26 Update: phpMyAdmin-4.7.7-1.fc26

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

AI score 1.3
Exploits: 0