5710 matches found
ClinicCases SQL injection vulnerability
ClinicCases is an open source case management system designed for law school clinics. ClinicCases version 7.3.3 suffers from a SQL injection vulnerability that allows a low-privilege attacker to execute arbitrary SQL commands via vulnerable parameters...
Vulnerabilities fixed in F5 BIG-IP
Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution, User Rights, SQL Injection, Access to...
Philips Healthcare Tasy Electronic Medical Record SQL injection vulnerability
Philips Healthcare Tasy Electronic Medical Record (EMR) is a comprehensive healthcare informatics solution that addresses all areas of the healthcare environment, connecting the dots between clinical and non-clinical areas of the healthcare continuum. Philips Healthcare Tasy Electronic Medical Reco...
SQLite buffer error vulnerability
SQLite is a self-sufficient, serverless, zero-configuration, transactional SQL database engine. The idxGetTableInfo function in SQLite version 3.36.0 is vulnerable to a segmentation error. An attacker could exploit the vulnerability via a specially crafted SQL query to cause a denial of service...
EARCLINK ESPCMS SQL injection vulnerability
Honghu Erchuang Netlink Information Technology EARCLINK ESPCMS is an enterprise website building system from China's Honghu Erchuang Netlink Information Technology Company. A SQL injection vulnerability exists in the espcmsweb/Search.php component of EARCLINK ESPCMS-P8, which can be exploited by...
Wordpress Plugin Broken Link Manager SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in Wordpress Plugin Brok...
WordPress plugin SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. WordPress plugin M Vslider SQL injection...
Local Services Search Engine Management System SQL injection vulnerability
Local Services Search Engine Management System is a local services search engine management system. Local Services Search Engine Management System Project 1.0 suffers from a SQL injection vulnerability that arises from a database-based application that lacks validation of externally entered SQL...
CVE-2021-37358
SQL Injection in SEACMS v210530 2021-05-30 allows remote attackers to execute arbitrary code via the component "adminajax.php?action=checkrepeat&vname="...
SeaCMS SQL injection vulnerability
SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A SQL injection vulnerability exists in SEACMS v210530, which stems from a lack of validation of externally entered SQL statements in database-based...
The vulnerability of U.motion’s sensor panel’s microprogramming software lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of U.motion’s sensor panel’s microprogramming software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the users.queries.php component of the TeamPass password manager allows a hacker to execute arbitrary SQL commands.
The vulnerability of the users.queries.php component of the TeamPass password manager is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL commands...
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information...
Foxit Reader and Foxit PhantomPDF SQL injection vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A SQL injection vulnerability exists in Foxit Reader and PhantomPDF versions prior to 10.1.4. The vulnerability stems from a lack of validation of externally-entered SQL statements in database-based...
TYPO3 SQL injection vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the TYPO3 Association in Switzerland. TYPO3 is vulnerable to a SQL injection vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...
UBUNTU-CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...
rConfig SQL injection vulnerability
rConfig is an open source network device configuration management utility. rConfig version 3.9.5 is vulnerable to a SQL injection vulnerability that stems from an unvalidated dbName parameter in ajaxDbInstall.php, which can be exploited by attackers to access sensitive database information...
Care2x2.7 Alpha SQL injection vulnerability
Care2x2.7 Alpha is a software application, a hospital information management system. A SQL injection vulnerability exists in Care2x2.7 Alpha that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
The vulnerability of the Moodle management system, related to the failure to protect SQL queries, allows attackers to execute arbitrary code.
The vulnerability of the Moodle management system is related to the failure to implement measures to protect SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted SQL queries remotely...
CVE-2021-37556
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csvHostGroupLogs.php start and end parameters...