1135 matches found
WordPress Oturia Smart Google Code Inserter Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. The Oturia Smart Google Code Inserter plugin is one of its plugins, used for adding meta-tag validation. A SQL...
Multiple SolarWinds Products SQL Injection Vulnerabilities
SolarWinds Storage Manager, SolarWinds Storage Profiler and SolarWinds Backup Profiler are all products of SolarWinds, Inc. SolarWinds Storage Manager is a web-based data storage management software that integrates storage monitoring, reporting, alerting, predictive analytics and more. Storage...
CVE-2017-17824
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php elementids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database...
Quest NetVault Backup 'NVBUBackup TimeRange' Method SQL Injection Vulnerability
Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUBackup TimeRange method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly detect user-submitted strings pri...
SQL Injection Vulnerability in Shanghai Sizen GPS Global Positioning Monitoring and Dispatching System
Shanghai Sizen GPS Global Positioning Monitoring and Dispatching System is a system that integrates GPS, GIS, and GPRS or CDMA1X, is compatible with GSM technology, and provides users with mobile target positioning, monitoring, scheduling, alarm, information communication and other services. SQL injection...
CVE-2017-17589
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter...
CVE-2017-17600
Basic B2B Script 2.0.8 has SQL Injection via the productdetails.php id parameter...
CVE-2017-14356
An SQL Injection vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection...
WordPress Mojoomla WPGYM WordPress Gym Management System SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. Mojoomla WPGYM WordPress Gym Management System is a gym management system for it. WordPress Mojoomla WPGYM WordPress Gym Managemen...
CVE-2017-13669
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php...
Trend Micro Control Manager SQL Injection Vulnerability (CNVD-2017-20422)
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A SQL injection vulnerability in Trend Micro Control Manager allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
SQL Injection Vulnerability in PHPSHE B2C Mall System v1.5
The PHPSHE mall system combines product display, online shopping, order management, payment management, article management, customer consultation and feedback, and other functions; it is easy to operate, offers practical features, and lets users quickly establish a personalized online store,...
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager SQL Injection Vulnerabilities
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) are both products of the U.S. company Cisco. PI is a set of solutions for wireless management through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a network...
Pivotal Cloud Foundry and UAA SQL Injection Vulnerabilities
Pivotal Cloud Foundry (PCF) and UAA are both products of US-based Pivotal Software. The former is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides features such as container scheduling, continuous delivery and automated service deployment, while the latter is a...
ZOHO ManageEngine Applications Manager SQL Injection Vulnerability (CNVD-2017-05226)
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from the U.S. company ZOHO. A SQL injection vulnerability exists in ZOHO ManageEngine Applications Manager versions 12 and 13. A remote attacker can exploit this vulnerability to execute arbitrary...
YXcmsApp V1.4.3 SQL Injection Vulnerability in Background Deletion of Guestbooks
Yxcms is an enterprise building system based on PHP and MySQL. A SQL injection vulnerability exists in YXcmsApp V1.4.3 in the background deletion of guestbooks. Because the 'delid' parameter is not filtered, attackers can exploit the vulnerability to obtain sensitive database...
SQL Injection Vulnerability in Zaoyang City Shanshui Digital Website Building System
Zaoyang City Landscape Digital Studio is a company that integrates website construction, software development, network marketing, graphic design, website operation, enterprise post office, space domain name service and film and television filming services. A SQL injection vulnerability exists in...
WordPress Kama Plugin Click Counter SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Kama plugin Click Counter version 3.4.9, which can be exploited by...
eClinicalWorks Patient Portal SQL Injection Vulnerability (CNVD-2017-01321)
eClinicalWorks Patient Portal is a product for healthcare applications from eClinicalWorks, Inc. that provides patients with a secure means to communicate, view their Personal Health Record (PHR), view lab results, and more. An SQL injection vulnerability exists in the template.jsp file in...
Exponent CMS SQL Injection Vulnerability (CNVD-2016-10804)
Exponent is a web content management system. Multiple SQL injection vulnerabilities exist in the framework/modules/core/controllers/expRatingController.php/update method in Exponent CMS version 2.4.0, which can be exploited by an authenticated remote user to execute arbitrary SQL commands via the...