Lucene search
5711 matches found

CNNVD
added 2021/10/15 12:00 a.m. | 3 views

Easytest SQL injection vulnerability

Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the learning history page after gaining user privileges to access all databases and ga...

CVSS 8.8 | AI score 5.8 | EPSS 0.01087
Exploits: 0 | References: 2

CNNVD
added 2021/10/15 12:00 a.m. | 5 views

Aruba ClearPass Policy Manager SQL injection vulnerability

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A SQL injection vulnerability exists in Aruba ClearPass Policy Manager, which stems from a remote SQL injection vulnerability in Aruba ClearPass Policy Manager. ...

CVSS 8.8 | AI score 5.9 | EPSS 0.01111
Exploits: 0 | References: 2

CNNVD
added 2021/10/15 12:00 a.m. | 3 views

Enalean Tuleap Open Alm SQL injection vulnerability

Enalean Tuleap Open Alm is a free and open source tool from Enalean France for end-to-end traceability of application and system development. A SQL injection vulnerability exists in Community Edition version 11.16.99.173 and Enterprise Edition versions prior to 11.16-6 and 11.15-8 of Enalean Tuleap...

CVSS 8.8 | AI score 8.5 | EPSS 0.01478
Exploits: 0 | References: 6

CNNVD
added 2021/10/14 12:00 a.m. | 4 views

ZZCMS SQL injection vulnerability

ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 is vulnerable to a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the id parameter on the application's /dl/dlprint.php page. An attacker could u...

CVSS 7.5 | AI score 6.1 | EPSS 0.01468
Exploits: 1 | References: 1

CNNVD
added 2021/10/13 12:00 a.m. | 2 views

ZOHO ManageEngine OpManager SQL injection vulnerability

ZOHO ManageEngine OpManager is an end-to-end integrated network management software that enables comprehensive, visual, unified and centralized monitoring and management of IT infrastructure, including network devices, servers, hosts, WAN links, applications and services, within an enterprise...

CVSS 9.8 | AI score 6 | EPSS 0.03323
Exploits: 0 | References: 1

RedHat Linux
added 2021/10/12 2:17 p.m. | 1 view

mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 7.2 | EPSS 0.01999
Exploits: 0 | References: 4

CNNVD
added 2021/10/12 12:00 a.m. | 4 views

Open Solutions For Education openSIS SQL injection vulnerability

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the ADDRCONTUSRN, ADDRCONTPSWD, SECNCONTUSRN, SECNCONTPSWD parameters in HoldAddressFields.php in openSIS version 8.0. An attacker can exploit this vulnerability to obtain...

CVSS 9.8 | AI score 8.6 | EPSS 0.01374
Exploits: 1 | References: 2

CNNVD
added 2021/10/11 12:00 a.m. | 1 view

rConfig SQL injection vulnerability

rConfig is an open source network device configuration management utility. A SQL injection vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to upload a webshell to the server and access it remotely...

CVSS 8.8 | AI score 8.1 | EPSS 0.02062
Exploits: 1 | References: 5

CNNVD
added 2021/10/08 12:00 a.m. | 3 views

Subrion CMS SQL injection vulnerability

Subrion is a powerful and easy-to-use PHP content management system with powerful features such as full-source editing, per-page permissions, user activity monitoring, etc. A SQL injection vulnerability exists in visual-mode in Subrion version 4.2.1. An attacker can use this vulnerability to obta...

CVSS 7.2 | AI score 7.4 | EPSS 0.0114
Exploits: 1 | References: 4

CNNVD
added 2021/10/04 12:00 a.m. | 3 views

Hotel-Mgmt-System SQL injection vulnerability

Hotel-Mgmt-System is a hotel management system. A SQL injection vulnerability exists in Raymart DG / Ahmed Helal Hotel-mgmt-system, where a malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in processupdateprofile.php...

CVSS 7.5 | AI score 7.6 | EPSS 0.0234
Exploits: 2 | References: 3

CNNVD
added 2021/10/04 12:00 a.m. | 5 views

Lodging Reservation Management System SQL injection vulnerability

Lodging Reservation Management System is an open source accommodation reservation management system that is vulnerable to attackers using SQL injection to bypass authentication via username and password fields to grant any user access to privileges...

CVSS 9.8 | AI score 5.9 | EPSS 0.03235
Exploits: 1 | References: 8

OSV
added 2021/10/01 7:15 p.m. | 2 views

CVE-2021-41845

A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006...

CVSS 6.5 | AI score 5.8 | EPSS 0.00658
Exploits: 0 | References: 2

OSV
added 2021/10/01 7:15 p.m. | 3 views

CVE-2020-21012

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...

CVSS 9.8 | AI score 7.6 | EPSS 0.03446
Exploits: 1 | References: 1

CNNVD
added 2021/10/01 12:00 a.m. | 4 views

PuneethReddyHc Online Shopping System Advanced SQL injection vulnerability

PuneethReddyHc Online Shopping System Advanced is an open source online shopping system from the individual developers at Puneeth Reddy HC in India. PuneethReddyHc Online Shopping System Advanced suffers from a SQL injection vulnerability that originates in the /homeaction.php catid parameter...

CVSS 9.8 | AI score 8.6 | EPSS 0.5177
Exploits: 2 | References: 5

BDU FSTEC
added 2021/09/29 12:00 a.m. | 3 views

The vulnerability of SonicWall SMA series 100 network firewall microprogramming software, related to the lack of protection for SQL query structures, allows attackers to gain unauthorized access to protected information.

The vulnerability of SonicWall SMA 100 network firewall microprogramming software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 7.5 | AI score 7.7 | EPSS 0.99906
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2021/09/20 12:00 a.m. | 6 views

WordPress SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress Page Contact plugin 1.0 and earlier versions, which ste...

CVSS 7.2 | AI score 7.2 | EPSS 0.01467
Exploits: 2 | References: 3

BDU FSTEC
added 2021/09/17 12:00 a.m. | 5 views

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by executing the script...

CVSS 8.5 | AI score 8.1 | EPSS 0.29424
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2021/09/17 12:00 a.m. | 5 views

The vulnerability of the software used to implement the hypertext environment in the Centreon IT infrastructure monitoring software allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software for implementing the hypertext environment in the Centreon IT infrastructure monitoring software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands...

CVSS 9.3 | AI score 8.2 | EPSS 0.02115
Exploits: 1 | References: 4 | Affected Software: 2

BDU FSTEC
added 2021/09/15 12:00 a.m. | 5 views

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of validation for XML object sequences, allowing attackers to execute arbitrary SQL commands.

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using specially crafted HTTP requests...

CVSS 9.9 | AI score 8.1 | EPSS 0.01655
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2021/09/10 12:00 a.m. | 5 views

ZOHO ManageEngine ADSelfService Plus SQL injection vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A SQL injection vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6111 and prior versions, which can be exploited by an...

CVSS 9.8 | AI score 5.9 | EPSS 0.03323
Exploits: 0 | References: 2