
26 matches found

EUVD
added 2026/05/04 3:15 a.m. · 5 views

EUVD-2026-26881

A vulnerability was found in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. Manipulation of the argument SortOrder causes SQL injection. The attack can be...

7.5 CVSS · 5.7 AI score · 0.00039 EPSS
Exploits: 0 · References: 5
ATTACKERKB
added 2026/05/04 3:15 a.m. · 1 views

CVE-2026-7727

A vulnerability was found in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. Manipulation of the argument SortOrder causes SQL injection. The attack can be...

7.5 CVSS · 6.9 AI score · 0.00039 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
CNNVD
added 2026/05/04 12:0 a.m. · 3 views

Hoteam Product Data Management System injection vulnerability

The Hoteam Product Data Management System is a product data management system developed by Hoteam Corporation. Versions of the Hoteam Product Data Management System 8.3.9 and earlier had an injection vulnerability. This vulnerability stemmed from the operation of the GetQueryMachineGridOnePageData...

7.5 CVSS · 7.2 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/04 12:0 a.m. · 5 views

PT-2026-36756

Name of the Vulnerable Software and Affected Versions: Shandong Hoteam Software PDM Product Data Management System versions prior to 8.3.10. Description: A remote SQL injection can be initiated through the manipulation of the SortOrder argument. This issue affects the GetQueryMachineGridOnePageData...

7.5 CVSS · 7.1 AI score · 0.00039 EPSS
Exploits: 0 · References: 9
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-6920

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.01673 EPSS
Exploits: 1 · References: 7
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2006-4783

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.0645 EPSS
Exploits: 1 · References: 10
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2010-2862

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.04088 EPSS
Exploits: 1 · References: 8
RedhatCVE
added 2025/02/14 5:45 a.m. · 8 views

CVE-2024-36428

OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection...

8.1 CVSS · 7.5 AI score · 0.77103 EPSS
Exploits: 1 · References: 4
Cvelist
added 2024/05/27 10:48 p.m. · 15 views

CVE-2024-36428

OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection...

7.5 AI score · 0.77103 EPSS
Exploits: 1 · References: 2
UbuntuCve
added 2024/05/24 10:15 a.m. · 14 views

CVE-2024-5314

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder and sortfield in...

9.1 CVSS · 7.3 AI score · 0.00106 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/05/24 12:0 a.m. · 1 views

Dolibarr ERP/CRM SQL injection vulnerability

Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in Dolibarr ERP/CRM versi...

9.1 CVSS · 9 AI score · 0.00106 EPSS
Exploits: 0 · References: 2
Github Security Blog
added 2024/01/11 4:27 p.m. · 53 views

Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Summary: The OrderAndPaginate function is used to order and paginate data. It is defined as follows (Go): `func OrderAndPaginate(c *gin.Context) func(db *gorm.DB) *gorm.DB { return func(db *gorm.DB) *gorm.DB { sort := c.DefaultQuery("order", "desc"); order := fmt.Sprintf("%s %s", DefaultQuery(c, "sortby", "id"), sort); db ...`

7 CVSS · 7.2 AI score · 0.00675 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
Zero Day Initiative
added 2022/06/30 12:0 a.m. · 15 views

Advantech iView exportInventoryTable SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet...

6.5 CVSS · 2.1 AI score · 0.00186 EPSS
Exploits: 0 · References: 1
NVD
added 2021/12/07 5:15 p.m. · 15 views

CVE-2021-43789

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...

9.8 CVSS · 0.11673 EPSS
Exploits: 2 · References: 3
NVD
added 2014/07/11 2:55 p.m. · 10 views

CVE-2014-3992

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php...

6.5 CVSS · 8.1 AI score · 0.02118 EPSS
Exploits: 3 · References: 1
Positive Technologies
added 2014/07/11 12:0 a.m. · 1 views

PT-2014-5659 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3. Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the entity parameter in an update action to "user/fiche.php" or the sortorder parameter to...

6.5 CVSS · 7.1 AI score · 0.02118 EPSS
Exploits: 3 · References: 3
Packet Storm
added 2012/09/17 12:0 a.m. · 26 views

Netsweeper WebAdmin Portal CSRF / XSS / SQL Injection

Exploit Title: Netsweeper WebAdmin Portal CSRF, Reflective XSS, and SQL Injection "The later"; Date: Discovered and reported CSRF and XSS 4/2012 and "The later" 7/2012; Author: Jacob Holcomb/Gimppy042; Software Link: Netsweeper Inc. - Netsweeper Internet Filter www.netsweeper.com; CVE :...

10 CVSS · 0.8 AI score · 0.0743 EPSS
Exploits: 7
Prion
added 2011/12/14 12:55 a.m. · 9 views

SQL injection

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6)...

6.5 CVSS · 8.8 AI score · 0.02646 EPSS
Exploits: 1 · References: 15 · Affected Software: 1
OpenVAS
added 2011/06/06 12:0 a.m. · 15 views

vBulletin vBExperience 3.0 'sortorder' Parameter XSS Vulnerability - Active Check

vBulletin vBExperience is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...

6.6 AI score
Exploits: 0 · References: 2
Cvelist
added 2007/01/17 12:0 a.m. · 16 views

CVE-2006-6937

SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter...

7.8 AI score · 0.01673 EPSS
Exploits: 1 · References: 6