ZZCMS 8.3 version zs***.php file has SQL injection vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...

OpenEMR SQL Injection Vulnerability (CNVD-2018-17196)

OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A SQL injection vulnerability exists in the...

SQL Injection Vulnerability in nucms V1.1

nucms is a content management system based on PHP+MYSQL technology developed by Liaocheng Leadsun Network Technology Co. nucms V1.1 version of SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information...

SQL Injection Vulnerability in the Query of the Opinion Collection Module of SMi CMS Group Web Group System

State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. SQL injection vulnerability exists in the query of the opinion collection module of the State Micro CMS group station group system. Attackers...

SQL Injection Vulnerability in Shenzhen PointClear Information Technology PointClear MIS Management Information System

PointClear MIS Management Information System is an enterprise-level instant messaging platform launched by PointClear. Shenzhen PointClear Information Technology PointClear MIS Management Information System suffers from SQL injection vulnerability, which can be exploited by attackers to obtain...

Zhengzhou Kintechnology Co., Ltd. website building system has SQL injection vulnerabilities

Zhengzhou Prime Technology Co., Ltd. specializes in providing customers with online business solutions in the field of information technology. Zhengzhou DynaSky Culture Communication Co., Ltd. website construction system has a SQL injection vulnerability, which can be exploited by attackers to...

Dingwei iPower CMS has multiple vulnerabilities

Dingwei iPower CMS is a website system developed by Chongqing Dingwei Network Technology Co. Dingwei iPower CMS exists SQL injection, XSS cross-site scripting vulnerabilities, the background management system also exists user guessing, ultra-rights access and other vulnerabilities, attackers can...

E-Sic SQL Injection Vulnerability (CNVD-2018-10474)

E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit this vulnerability by sending the 'f' parameter to the esiclivre/restrito/inc/buscacep.php file to execute arbitrary SQL commands...

SQL Injection Vulnerability in Website Construction System of Ningxia Hongfeng Network Technology Co.

Ningxia Hongfeng Network Technology Co., Ltd. is Ningxia Yinchuan area specializing in Internet services nature of the enterprise, to provide enterprise website construction, personal website production, 400 telephone for, website revision, website promotion, SEO keyword optimization, e-commerce...

iScripts eSwap SQL Injection Vulnerability

IScripts eSwap is an item trading program from IScripts Inc. that supports the use of virtual currency or direct item exchange. The program supports the use of virtual currencies to trade or directly exchange items.User Panel is one of the user panels. A SQL injection vulnerability exists in...

zzcms SQL Injection Vulnerability (CNVD-2018-06859)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. An attacker can use the 'id' parameter in adv2.php?action=modify request to inject SQL commands and obtain passwords...

YzmCMS SQL Injection Vulnerability

YzmCMS is an open source CMS Content Management System developed by Chinese programmer Yuan Zhimeng. A SQL injection vulnerability exists in the \application\admin\controller\updateurls.class.php file in YzmCMS version 3.6. A remote attacker can exploit this vulnerability by sending a 'catids'...

Multiple SQL Injection Vulnerabilities in Saifor CVMS HUBs

Saifor CVMS HUB is a data center visual management system from the Saifor team in Spain. Multiple SQL injection vulnerabilities exist in Saifor CVMS HUB version 1.3.1. A remote attacker can exploit this vulnerability by sending multiple parameters to /cvms-hub/privado/seccionesmib/secciones.xhtml...

Worry-Free Shopping System ASP General Edition suffers from SQ Injection Vulnerability

Hassle-free shopping system ASP General Edition is a shopping site based on ASP/Access development of general management system set up. Worry-Free Shopping System ASP General Edition suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database...

SQL Injection Vulnerability in the Enterprise Website System of Zhongshan Tengning Network Technology Co.

Zhongshan TENNING Network Technology Co., Ltd. is a professional and technical company focusing on enterprise website construction, promotion, WeChat development, focusing on providing SMEs with the most cost-effective website building services. TENNING Network Technology Co., Ltd. corporate...

CVE-2017-17823

The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...

Quest NetVault Backup SQL Injection Vulnerability (CNVD-2017-37638)

Quest NetVault Backup is a suite of data backup software from Quest Software, USA. A SQL injection vulnerability in the handling of NVBUPhaseStatus Count method requests in Quest NetVault Backup versions prior to 11.4.5 stems from the program's failure to properly detect user-submitted strings...

PHP Scripts Mall Realestate Crowdfunding Script SQL Injection Vulnerability

PHP Scripts Mall Realestate Crowdfunding Script is a PHP based real estate crowdfunding website script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Realestate Crowdfunding Script version 2.7.2. A remote attacker can exploit the vulnerability by sending the...

SQL Injection Vulnerability in Opensns CheckInController.class.php Page

OpenSNS is a lightweight social user center framework based on OneThink. The system adheres to a minimalist design style and focuses on communication. A SQL injection vulnerability exists in the Opensns CheckInController.class.php page. An attacker can exploit the vulnerability to obtain sensitiv...

Jiangxi Talent Software Technology Co., Ltd. enterprise station building system with SQL injection vulnerability

Jiangxi Talent Software Technology Co., Ltd. enterprise station-building system is a station-building system. Jiangxi Talent Software Technology Co., Ltd. enterprise station building system SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information in the...