The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the Web interface for managing the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P is related to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...
CentOS Web Panel SQL injection vulnerability
CentOS Web Panel CWP is a free web hosting control panel from the Control Web Panel community. A SQL injection vulnerability exists in CentOS Web Panel that allows unprivileged users to attack via the idsession, an HTTP POST parameter...
Progress Software MOVEit Transfer SQL injection vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability exists in Progress MOVEit Transfer versions prior to 2021.0, which could be exploited by an authenticated attacker to gain unauthorized access to the MOVEit Transfer...
Moodle SQL injection vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from a SQL injection vulnerability that allows a remote administrator to send specially designed requests to the affect...
KonaWiki SQL injection vulnerability
KonaWiki is a lightweight Wiki system. The system is primarily used for writing manuscripts, keeping minutes and memos, etc. A SQL injection vulnerability exists in KonaWiki2 prior to version 2.2.4. The vulnerability stems from the program not performing sufficient cleansing of user-supplied data...
Liferay Enterprise Portal SQL injection vulnerability
Liferay Enterprise Portal is an application system from Liferay USA. It provides a showcase for e-commerce functionality. A SQL injection vulnerability exists in Liferay Enterprise Portal version 7.3.5. The vulnerability stems from the program not adequately cleaning up user-supplied data in the...
Hexagon Intergraph G!NIUS SQL injection vulnerability
Hexagon Intergraph G!NIUS is an industrial control device from the Swedish company Hexagon. A sensor. A SQL injection vulnerability exists in Hexagon Intergraph G!NIUS prior to version 5.0.0.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-base...
CVE-2020-27229
A number of exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. The findPersonID parameter in the ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2021-1363
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...
meshery SQL injection vulnerability
meshery is a software application. A multi-service grid management plane that provides lifecycle, configuration and performance management of service grids and their workloads. Layer5 Meshery 0.5.2 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrar...
PHPSHE Mall System SQL injection vulnerability
PHPSHE is an online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE Company. The system supports express tracking, online chat, order evaluation and statistics and other functions. A security vulnerability exists in PHPSHE Mall System v1.7 that allows remote attacke...
Qnap Systems QNAP NAS running Multimedia Console SQL injection vulnerability
Qnap Systems QNAP NAS running Multimedia Console is an application from China Weilian Qnap Systems. A multimedia console. A security vulnerability exists in QNAP NAS running Multimedia Console, which can be exploited by an attacker to obtain application information...
CVE-2021-30175
ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent endpoint for the login page...
Eaton Intelligent Power Manager SQL injection vulnerability
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An SQL injection vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, which is...
The vulnerability of the AVEVA Enterprise Data Management Web (eDNA Web) software platform, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL commands.
The vulnerability of the AVEVA Enterprise Data Management Web eDNA Web software platform is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
WordPress and Sprymedia DataTables SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. Sprymedia DataTables is a JavaScript library for converting HTML tables to dynamic tables from the UK company...
The vulnerability of the Accellion FTA security system, which stems from the lack of measures to protect the SQL query structure, allows attackers to execute arbitrary SQL code and gain unauthorized access to protected information.
The vulnerability of the Accellion FTA security system lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL code and gain unauthorized access to protected information using a specially...
CVE-2021-30000
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution...
Piwigo SQL injection vulnerability
Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in versions prior to Piwigo 11.4.0. An attacker can exploit this vulnerability by using the language parameter of admin.php?page=languages to conduct a SQL injection attack...
The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, stems from the lack of protective measures for the SQL query structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected informatio...