851 matches found
ZZCMS SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 is vulnerable to SQL injection, which stems from the lack of effective filtering and escaping of SQL statements in the subzs.php component. An attacker could use this vulnerability to execute illegal SQL...
ZZCMS SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 contains a SQL injection vulnerability that originates from missing validation of external input used in SQL statements in the dlid parameter on the application's /dl/dlprint.php page. An attacker could use...
CVE-2020-20692
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $GET parameter in /src/core/controllers/cm.php...
Vulnerabilities fixed in Kaseya Virtual System Administrator (VSA)
Vulnerabilities have been fixed in Kaseya VSA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), bypassing authentication, remote code execution, Administrator/Root rights, SQL injection, access to sensitive data...
CVE-2020-25362
The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...
CVE-2020-27232
An exploitable SQL injection vulnerability exists in the ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
OpenClinic GA SQL Injection Vulnerability
OpenClinic GA is an open source hospital integrated information management system. An SQL injection vulnerability exists in the code parameter in getAssets.jsp in OpenClinic GA version 5.173.3. An attacker can exploit this vulnerability by sending an HTTP request to perform a SQL injection attac...
VulnCheck KEV: CVE-2021-27101
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...
MyBB SQL Injection Vulnerability
MyBB is a free open source forum software. A SQL injection vulnerability exists in the Copy Forums feature of the Forum Manager in versions of MyBB prior to 1.8.26. No detailed vulnerability details are available at this time...
Evolucare Ecsimaging SQL Injection Vulnerability
Evolucare Ecsimaging is a mobile application for viewing medical radiology images from the French company Evolucare. A SQL injection vulnerability exists in Evolucare Ecsimaging version 6.21.5 and earlier versions in the login form and password forget form, which can be exploited to obtain data...
SQL Injection Vulnerability in JeecgBoot Frontend
JeecgBoot is a low-code BPM-based platform. A SQL injection vulnerability exists in the frontend of JeecgBoot. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in the Backend lo***.php Page of Shield Spirit Commodity Promotion System
The Shield Spirit commodity promotion system can be applied to multiple types of WeChat official accounts; personal or business subscription accounts and service accounts can all be used. It is easy to integrate with all kinds of official accounts, through the relevant WeChat official account interfaces configured to come into effe...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend he***.php Page
The Shield Spirit commodity promotion system can be applied to multiple types of WeChat official accounts; personal or business subscription accounts and service accounts can all be used. It is easy to integrate with all kinds of official accounts, through the relevant WeChat official account interfaces configured to come into effe...
Vulnerability fixed in Nexpose
A vulnerability has been fixed in Nexpose. The vulnerability allows an authenticated malicious party to perform an SQL injection and thereby obtain sensitive data. Rapid7 has released updates to fix the vulnerability. More information can be found on the page below:...
SQL Injection Vulnerability in Shield Spirit Original Article Submission System 1.0
Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in ZZCMS2020 Backend (CNVD-2020-59409)
ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in the Management Platform of Internet Service Establishments of Harbin Zhonglong Baiying Technology Development Co.
Harbin Zhonglong Baiying Technology Development Co., Ltd. was founded on May 29, 2013, mainly engaged in computer hardware and software, office automation equipment, security equipment and so on. Harbin Zhonglong Baiying Technology Development Co., Ltd. has a SQL injection vulnerability in the...
SQL Injection Vulnerability in Shield Spirit Original Article Submission System 1.0 Backend
Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 has a SQL injection vulnerability in the backend, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-13505
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...
openSIS SQL Injection Vulnerability
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the email parameter in EmailCheck.php in openSIS 7.3. An attacker can exploit this vulnerability by sending an HTTP request to perform a SQL injection attack...