SQL Injection Vulnerability in State Micro CMS opinion-wzxz

State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. A SQL injection vulnerability exists in State Micro CMS opinion-wzxz. An attacker can exploit this vulnerability to obtain sensitive...

Pragyan CMS SQL Injection Vulnerability (CNVD-2017-34577)

Pragyan CMS is a multi-user, modular PHP and MySQL based Content Management System CMS. The system supports custom built-in frameworks, user group rights management, search engine optimization and more. A SQL injection vulnerability exists in Pragyan CMS version 3.0. A remote attacker can exploit...

SQL Injection Vulnerability in ShopsN v2.0 Frontend OrderController.class.php File

ShopsN is a free e-commerce open source system. ShopsN v2.0 official version of the front-end OrderController.class.php file SQL injection vulnerability . As the system fails to effectively filter the addrdel function. A remote attacker can exploit the vulnerability to obtain sensitive informatio...

SQL injection vulnerability in Ocean CMS \admin\admin_ajax.php page

Ocean Movie Management System seacms, Ocean CMS is a video-on-demand system designed for webmasters with different needs. Ocean CMS \admin\adminajax.php page SQL injection vulnerability. The vulnerability is due to the system failing to effectively filter the data submitted by the user. An attack...

CVE-2017-12731

A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of...

SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System v2.1.6

Hanchao B2B2C multi-user mall system is a PHP multi-user mall website system source code developed in PHP + MySQL. Hanchao B2B2C Multi-User Mall System v2.1.6 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain database information...

IBM Tivoli Monitoring Portal SQL Injection Vulnerability

IBM Tivoli Monitoring ITM is a suite of system monitoring software from IBM in the United States. The software supports the detection of system bottlenecks and potential problems, performance monitoring of basic system resources, and automatic recovery from critical situations. IBM Tivoli...

CVE-2017-2241

SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service"...

SQL Injection Vulnerability in Message Board Module of State Micro CMS Government Website System

SMi CMS Government Website System is a website system for governments, schools and groups. There is a SQL injection vulnerability in the message board module of SMiCMS government website system. Due to insufficient filtering of parameters, attackers can exploit the vulnerability to execute...

NetApp OnCommand Unified Manager Core Package SQL Injection Vulnerability

NetApp OnCommand Unified Manager Core Package is an OnCommand series of management software from American NetApp. A SQL injection vulnerability exists in NetApp OnCommand Unified Manager Core Package. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

Cell Phone Remote Lighting Monitoring System SQL Injection Vulnerability in txtUsername Parameter

Mobile Remote Lighting Monitoring System is a lighting monitoring system from China Electronic Technology Group Corporation. A SQL injection vulnerability exists in the Mobile Remote Lighting Monitoring System. The lack of filtering of the 'txtUsername' parameter allows an attacker to exploit the...

Lepton Add_droplets Parameter SQL Injection Vulnerability

Lepton is a set of tools for lossless compression of JPEG format files. A SQL injection vulnerability exists in the Lepton Adddroplets parameter, which could be exploited by an attacker to compromise an application, access or modify data, or exploit a potential vulnerability in the underlying...

pycsw SQL Injection Vulnerability

pycsw is a system written in python that implements OGC CSW server functionality. It runs on all major platforms Windows, Linux, Mac OS X. Pycsw suffers from a SQL injection vulnerability, which can be exploited by an attacker to take control of the application, access or modify data, or exploit...

TYPO3 TC Directmail SQL Injection Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A SQL injection vulnerability exists in TYPO3 TC Directmail. The vulnerability is caused due to the program failing to properly filter user-supplied input, allowing an attacker to exploit the...

CVE-2016-1000125

Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla...

Joomla! com_bt_media Component SQL Injection Vulnerability

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the categories0 parameter of the index/php page of the Joomla! combtmedia...

PHPIPAM SQL Injection Vulnerability

phpipam is a set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in phpipam version 1.2.1, which can be exploited by an attacker to compromise the application, access or modify data, or exploit potential vulnerabilities in the...

SQL injection vulnerability in the zwkm parameter of the modifyzdjb.jsp page of the ilasIII digital library system of Shenzhen Ketu Automation New Technology Application Company.

Integrated Library Automation System ILAS is the Ministry of Culture in 1988 as a national key scientific and technological projects issued by the Shenzhen Library to undertake and organize the development of a set of libraries at home and abroad to adapt to different levels, a variety of scales,...

vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability

VBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...

SQL Injection Vulnerability in Asset Management System sysbh Parameter of Jinan Guozi Digital Technology Co.

Asset management system of Jinan Guozi Digital Technology Co., Ltd. is a set of sharing and management platform for precision instruments or large instruments. The product suffers from SQL injection vulnerability, the vulnerability URL is: http://host/dxyqsyspt/sysDetail.aspx?sysbh=000001 The...