SQL Injection Vulnerability in NetDoit of Acuity Brands Creative Marketing Ltd.

NetDoit is a small CMS system developed by php+mysql. The product newsdetail.php?id= exists SQL injection vulnerability, the injection parameter is id, the attacker can use the vulnerability to obtain database sensitive information...

SQL Injection Vulnerability in Type Parameters of Penta Digital Campus System

Penta Digital Campus System is using the technology platform of .NET+SqlServer. A SQL injection vulnerability exists in the /Student/xsxk/MessageView.aspx page of the Penda Digital Campus System. The lack of filtering of the 'type' parameter allows an attacker to exploit the vulnerability to obta...

SQL Injection Vulnerability in Netqi CMS Web Management System 6.0

Netqi CMS website management system is a set of CMS system developed by Netqi, this system is developed using ASP.NET kernel. The system's ip/ajax.apsx page has an SQL injection vulnerability that allows arbitrary users to obtain database information...

PT-2016-4508 · Huge It · Huge-It Portfolio Gallery Manager

Name of the Vulnerable Software and Affected Versions: Huge-IT Portfolio Gallery manager version 1.1.0 Description: The issue concerns SQL Injection and XSS in the Huge-IT Portfolio Gallery manager. No further details are provided about the nature of the issue, affected devices, or real-world...

SQL Injection Vulnerability in bjbh Parameter of EAP Digital Campus Integration Management Platform of Guangzhou Zhongda Dongri Education Technology Co.

EAP platform, abbreviated as EAP Enterprise Application Platform, enterprise application platform, also known as enterprise management software platform, is a highly open, integrated with a number of enterprise management software modules. Guangzhou CUHK Dongri Education Technology Co., Ltd. EAP...

TYPO3 GN Tactics Planner Extension SQL Injection Vulnerability

TYPO3 is a free and open source content management system. A SQL injection vulnerability exists in TYPO3 GN Tactics Planner Extension due to the program failing to adequately clean up user input. An attacker could exploit the vulnerability to access or modify data...

SQL Injection Vulnerability in ID Parameters of Dynamic Easy Network Campus System

Dynamic easy network campus system is based on the actual application needs of customers in the education industry Dynamic easy to provide a complete set of school website application solutions, set "home-school interaction, knowledge sharing, teaching aids," in one, to assist the school website ...

CVE-2016-5817

SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

Multiple vulnerabilities in the Joomla! Huge-IT Image Gallery extension (CNVD-2016-05734)

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds , site search and other features . Huge-IT Image Gallery is one of the image gallery extension plug-ins . A SQL injection vulnerability and a cross-site scripti...

SQL Injection Vulnerability in Remote DBMail Mail Server

DBMail is a database-enabled enterprise mail system developed by TeleSoft. A SQL injection vulnerability exists in Telezine DBMail Mail Server V5.0 updated 2016.07.08. The vulnerability is allowed to be exploited by an attacker to gain access to sensitive database information...

SQL Injection Vulnerability in Shanghai Yongcan CMS

Shanghai Yongcan CMS is a website building system for major enterprises, schools and social organizations. Shanghai Yongcan CMS suffers from SQL injection vulnerability, through which an attacker can obtain database information, resulting in the leakage of sensitive information...

Rexroth Bosch BLADEcontrol-WebVIS SQL Injection Vulnerability

Rexroth Bosch BLADEcontrol is a web-based HMI system. Rexroth Bosch BLADEcontrol has a SQL injection vulnerability in database operations that could lead to control of the database server or remote code execution...

SQL Injection Vulnerability in Communication Application Server username Parameter of Shenou Communication Equipment Co.

Shenou Communication Equipment Co., Ltd. is a national non-regional enterprise integrating R&D, production, sales and service. Communication Application Server SOC1000 model products are softswitch servers for IP networks, supporting voice, fax and video at the same time. Shenou Communication...

SQL injection vulnerability in the coursewares.htm?recommend= parameter of the distance learning platform of Shenzhen Tengchuang Network Technology Co.

Tengchuang Internet Distance Education Platform is an online knowledge trading platform centered on real-time interactive online classroom, combining powerful functions such as courseware on-demand, course transaction, online payment, and online examination, etc. for students and teachers in...

Apache Ranger SQL Injection Vulnerability

Apache Ranger is a set of architectures for implementing comprehensive security measures for Hadoop clusters, providing centralized security policy management for core enterprise security requirements such as authorization, billing and data protection. Apache Ranger suffers from a SQL injection...

biweb SQL Injection Vulnerability

BIWEB Business Intelligence Website System is a website system relying on ArthurXF enterprise application-level PHP development framework, developed and designed by the Shanghai NetWorks Network Information Co., Ltd. is a rapid development, simple and easy to use object-oriented enterprise...

SQL Injection Vulnerability in a System of Anhui Business Network

Anhui Business Network Information Industry Co., Ltd. is a professional high-tech Internet technology service provider. A system SQL injection vulnerability in Anhui Business Network allows attackers to exploit this vulnerability to obtain data volume sensitive information...

Pref Shimane CMS vulnerable to SQL injection

Overview Pref Shimane CMS is an open-source Contents Management System CMS. Pref Shimane CMS contains an SQL injection vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A logged in...

SQL Injection and Arbitrary File Upload Vulnerabilities in Rural Electronic Monitoring Platform of Beijing Zhongnong Xinda Information Technology Co.

Beijing Zhongnong Xinda Information Technology Co., Ltd. is a provider of comprehensive services for three rural informatization, and the Rural Electronic Monitoring Platform is one of the company's monitoring platforms. A SQL injection and arbitrary file upload vulnerability exists in the Rural...

SQL Injection Vulnerability in Panmicro E-office /E-mobile/create/ajax_do.php Parameters

Panmicro E-office is an OA product launched by Panmicro for small and medium-sized organizations. A SQL injection vulnerability exists in the Panmicro E-office /E-mobile/create/ajaxdo.php parameter, which can be exploited by an attacker to obtain sensitive information from the database...