1135 matches found
CVE-2018-17393
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php...
HPE Intelligent Management Center (IMC) SQL Injection Code Execution Vulnerability (CNVD-2019-24550)
HPE Intelligent Management Center (IMC) is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security (FCAPS) model. A readListBySql SQL injection code execution vulnerability exists in HPE Intelligent Management Center (IMC)...
HPE Device Entitlement Gateway SQL Injection Vulnerability
HPE Device Entitlement Gateway (DEG) is a set of device entitlement management solutions from Hewlett Packard Enterprise (HPE). A SQL injection vulnerability exists in HPE DEG versions 3.2.4, 3.3, and 3.3.1, which can be exploited by remote attackers to inject SQL commands and elevate privileges...
SQL Injection Vulnerability in Rice CMS V6.0.1
DAMI CMS is an integrated all-in-one system for building PC and mobile phone websites. A SQL injection vulnerability exists in DAMI CMS V6.0.1, which stems from a failure to filter input parameters and can be exploited by an attacker to perform a time-delayed injection...
WordPress Plugin Gift Voucher SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Gift Voucher, which can be exploited by an attacker to obtain...
Taxonomy Entity Queue - Critical - SQL Injection - SA-CONTRIB-2018-052
This module enables you to create an entityqueue based on a taxonomy. The module did not properly use Drupal's database API when querying the database with user supplied values, allowing an attacker to send a specially crafted request to modify the query or potentially perform additional queries...
Micro Focus Secure Messaging Gateway Web administration and quarantine component SQL injection vulnerability
Micro Focus Secure Messaging Gateway (SMG) is a suite of outbound and inbound protection software for enterprise networks and messaging systems from Micro Focus, UK. The product includes features such as virus protection, anti-spam, anti-DDoS protection, and image analysis. Web administration is one of...
CA Privileged Access Manager SQL Injection Vulnerability
CA Privileged Access Manager is a privileged access manager from CA USA that centralizes privileged user policies across multiple physical and virtual environments and manages and controls access to IT resources. An input validation vulnerability exists in version 2.x of CA Privileged Access...
Harmis Ek rishta SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. Harmis Ek rishta (aka ek-rishta) is one of its plugins, used for wedding dating sites. A SQL injection vulnerability exists in the router.php fi...
Trend Micro Smart Protection Server SQL Injection Vulnerability
Trend Micro Smart Protection Server Standalone is a server that provides smart protection from Trend Micro. A SQL injection vulnerability exists in version 3.x of Trend Micro Smart Protection Server Standalone, which originates from a program that fails to properly detect user-submitted strings...
Trend Micro Email Encryption Gateway SQL Injection Vulnerability
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. A SQL injection vulnerability exists in the formChangePass class in Trend Micro...
Trend Micro Email Encryption Gateway SQL Injection Vulnerability (CNVD-2018-10479)
Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. A SQL injection vulnerability exists in the formConfiguration class in Trend Mic...
Pradeep Makone wordpress Support Plus Responsive Ticket System SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. Pradeep Makone wordpress Support Plus Responsive Ticket System is a set of Responsive Ticket System for...
Bacula-web SQL Injection Vulnerability
Bacula-Web is a suite of web-based applications for reporting and monitoring Bacula backup software. A SQL injection vulnerability exists in Bacula-Web versions prior to 8.0.0-rc2. A remote attacker could exploit this vulnerability to access the Bacula database and elevate privileges...
IBM Maximo Asset Management and Maximo Asset Management Essentials SQL Injection Vulnerabilities
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control over these assets. IBM Maximo Asse...
CVE-2018-6928
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term...
CVE-2018-5972
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI...
CVE-2018-5977
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&pricetype=range&price= request...
SQL Injection Vulnerability in Guangzhou Jinpeng Software Technology Co.
Guangzhou Jin Peng Software Technology Co., Ltd. is a high-tech company specializing in software system design, development and sales. A SQL injection vulnerability exists in the enterprise website building system of Guangzhou Jin Peng Software Technology Co., Ltd.; attackers can use the vulnerability to execute...
CVE-2017-12729
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password...