PT-2020-14930 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 10.1.0 Description: The issue allows SQL Injection. Recommendations: For versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue...

IBM Financial Transaction Manager for High Value Payments for Multi-Platform SQL Injection Vulnerability

IBM Financial Transaction Manager for High Value Payments for Multi-Platform FTM HVP is a financial transaction manager for multi-platforms from IBM, USA. The product is primarily used to monitor, track and report on financial payments and transactions. A SQL injection vulnerability exists in IBM...

SQL Injection Vulnerability in OneKey Education Cloud Disk Service Platform of Orient Boguan (Beijing) Technology Co.

The OneKey Education Cloud Disk Service Platform supports multiple platforms such as Web, PC, and Android cell phone clients for cross-platform and cross-terminal file sharing and anytime, anywhere access. There is a SQL injection vulnerability in the OneKey Education Cloud Disk Service Platform ...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The target product/service or framework is not explicitly stated, but the environments are...

SQL Injection Vulnerability in the Website Building System of Tianze Culture Communication (Henan) Co.

Ltd. is a network service company that provides Internet network information services, engages in Internet value-added services, and provides enterprises with customized network solutions, website construction, network promotion and other services. There is a SQL injection vulnerability in the...

Waychar Enrollment System SQL Injection Vulnerability by Waychar Internet Technology Development Team

Waychar Enrollment System is a PHP/MYSQL based enrollment system. Waychar Enrollment System by Waychar Internet Technology Development Team suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in Tuan Ah VIP Movie System

Tuan ah VIP movie system is a set of VIP movie video watching website source code with registered member agent version, mobile adaptive access. Tuan ah VIP movie system SQL injection vulnerability, attackers can use this vulnerability to obtain sensitive database information...

Exploit for Improper Input Validation in Joomla Joomla\!

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明：目前来看，本项目会进行长期维护，有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz＜3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell - DedeCMS V5.7 SP2后台存在代码执行漏洞 Drupal -...

SQL Injection Vulnerability in the Most Earthly Group Buying System

The most earth group-buying system is the most professional and powerful GroupOn mode of free open source group-buying system platform. The most earth group-buying system SQL injection vulnerability , an attacker can exploit the vulnerability to obtain sensitive information in the database...

SQL Injection Vulnerability in Jinwei Supermarket Cashiering System (CNVD-2020-22751)

Jinwei Supermarket Cashier System is a code-sweeping cashier tool designed for small and medium-sized supermarkets and community convenience stores. SQL injection vulnerability exists in Jinwei Supermarket Cashier System, which can be exploited by attackers to obtain sensitive information from th...

phpMyChat Plus SQL Injection Vulnerability

PhpMyChat is a simple chat system developed by a foreign team. A SQL injection vulnerability exists in phpMyChat Plus, which can be exploited by attackers to obtain sensitive information...

SQL Injection Vulnerability in the Construction System of Chengdu Dragon Culture Media Co.

Founded in 2008, Chengdu Multiply Dragon Culture Media Co., Ltd. is a professional search engine website ranking and optimization company. There is a SQL injection vulnerability in the website construction system of Chengdu Dragon Culture Media Co., Ltd, which can be exploited by attackers to...

WiKID Systems 2FA Enterprise Server SQL Injection Vulnerability

WiKID Systems 2FA Enterprise Server is a two-factor authentication server from WiKID Systems, USA. A SQL injection vulnerability exists in the processPref.jsp file in WiKID 2FA Enterprise Server 4.2.0-b2053 and prior versions. The vulnerability stems from a database-based application that lacks...

WordPress searchterms-tagging-2 plugin SQL injection vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. searchterms-tagging-2 is an SEO Search Engine Optimization plugin used in it. The WordPress searchterms-tagging-2 plugin suffers...

Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"

Overview WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6011 SQL Injection CWE-89 - CVE-2019-6012 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and...

CVE-2019-12681

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...

SQL Injection Vulnerability in Youdot Enterprise Website Management System

Youdot Enterprise Website Management System is an enterprise management system developed by Changsha Youdot Software Technology Co. There is a SQL injection vulnerability in YouPoint Enterprise Website Management System, which can be exploited by attackers to obtain sensitive information from the...

WordPress FV Flowplayer Video Player SQL Injection Vulnerability (CNVD-2019-27431)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.FV Flowplayer Video Player is a video player plugin used in it. A SQL injection vulnerability exists in WordPress FV...

PT-2019-17683 · Nextcloud · Nextcloud Android App

Name of the Vulnerable Software and Affected Versions: Nextcloud Android app versions prior to 3.0.0 Description: The issue allows for the destruction of a local cache when a harmful query is executed, requiring the user to reset up the account. This occurs due to SQL Injection in the Nextcloud...

SQL Injection Vulnerability in Zhongshan Zhike Network Brand Planning Website Building System

Zhongshan Zhike Network Brand Planning is a company that mainly deals with website construction, software development, VI design, domain name, server and other projects. Zhongshan Zhike Network Brand Planning website building system has a SQL injection vulnerability, which can be exploited by...