1174 matches found
YouPHPTube catName parameter SQL injection vulnerability
YouPHPTube is a PHP-based video website system. YouPHPTube version 10.0 and earlier is vulnerable to SQL injection, which stems from the lack of validation of externally supplied input used in SQL statements for the catName parameter. An attacker could use this vulnerability to execute illegal SQL commands to...
WordPress Mangboard plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Mangboard plugin has a SQL injection vulnerability, which originates from the lack of validation of externally supplied input used in SQL statements in the order parameters, and can be used by attackers to...
ZZCMS SQL Injection Vulnerability (CNVD-2021-102064)
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 is vulnerable to SQL injection that originates from missing validation of externally entered input used in SQL statements in the id parameter on the application's /dl/dlprint.php page. An attacker could u...
CVE-2021-40842
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...
SQL injection
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734...
PHPGurukul Apartment Visitors Management System SQL Injection Vulnerability
PHPGurukul Apartment Visitors Management System is an apartment visitor management system from the PHPGurukul team. A SQL injection vulnerability exists in PHPGurukul Apartment Visitors Management System version 1.0, which could be exploited by attackers to The vulnerability can be exploited to...
WordPress SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A SQL injection vulnerability exists in Wordpress Plugin Alipay, which stems from the product...
SQL injection
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues...
Support Board < 3.3.4 - Multiple Unauthenticated SQL Injections
The plugin does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users. PoC The login-cookie parameter is...
PT-2021-7497 · Mariadb +10 · Mariadb Server +10
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions 10.7 and below Description: An issue in the component Create tmp table::finalize of MariaDB Server was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. The...
PT-2021-7500 · Mariadb +10 · Mariadb Server +10
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions 10.6.2 and below Description: An issue in the component Arg comparator::compare real fixed was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. The vulnerability is...
J2eeFAST SQL Injection Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best free, open-source backend framework platform for small and medium-sized projects. J2eeFAST 2.2.1 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL...
WordPress Quiz Maker plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Quiz Maker plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Quiz Maker...
Fortinet FortiSandbox SQL Injection Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet, Inc. Fortinet FortiSandbox is vulnerable to SQL injection, a vulnerability that results from the product's failure to filter special characters in input data, which could be exploited to execute illegal...
SQL injection
The getfblikeboxes function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
SQL injection
The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...
SQL injection
The getpollcategories, getpolls and getreports functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
WordPress WooCommerce Plugin SQL Injection
An SQL injection vulnerability exists in WordPress WooCommerce Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
PHPGurukul Student Record System SQL Injection Vulnerability
PHPGurukul Student Record System is an application that is vulnerable to SQL injection. The vulnerability stems from a lack of validation of externally supplied input used in SQL statements in the cid parameter of edit-course.php, which can be exploited by remote attackers to execute arbitrary SQL...
PHPGurukul Student Record System SQL Injection Vulnerability (CNVD-2022-58222)
PHPGurukul Student Record System is an application; version 4.0 is vulnerable to SQL injection. The vulnerability stems from a lack of validation of externally supplied input used in SQL statements in the id parameter of edit-std.php, which can be exploited by remote...