SQL Injection Vulnerability in TEMMOKUMVC of Pizhou Tianmu Network Technology Co.
TEMMOKUMVC is a professional PHP + MySQL product developed by Pizhou Tianmu Network Technology Co., Ltd., an open source MVC product built on an independent MVC framework for large, small and medium-sized enterprises. Pizhou Tianmu Network Technology Co., Ltd TEMMOKUMVC SQL injection vulnerability,...
UFIDA NC suffers from SQL injection vulnerability (CNVD-2020-69451)
UFIDA NC is a large ERP enterprise management system and e-commerce platform. UFIDA NC suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain sensitive information from the database...
VMware VMWare SD-WAN Orchestrator SQL Injection Vulnerability
VMware VMWare SD-WAN Orchestrator is a software for orchestrating network data flows in a software-defined network architecture. A SQL injection vulnerability exists in VMware VMWare SD-WAN Orchestrator, which can be exploited by a remote attacker to submit a special SQL request to manipulate a...
SQL Vulnerability in KKCMS
KKCMS is an open source video capture and playback system. The system is mainly used to automatically collect film and television resources and provide online playback capabilities. KKCMS has a SQL vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...
Hibernate ORM vulnerable to SQL injection
Overview: Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured with hibernate.use_sql_comments set to true (it is false by default) to add comments to generated SQL statements for debugging purposes. When hibernate.use_sql_comments is configured to true, malicious input may produc...
VMware VMWare SD-WAN Orchestrator SQL Injection Vulnerability
VMware VMWare SD-WAN Orchestrator is a software for orchestrating network data flows in a software-defined network architecture. A SQL injection vulnerability exists in VMware VMWare SD-WAN Orchestrator, which can be exploited by a remote attacker to submit a special SQL request to manipulate a...
Cisco IoT Field Network Director SQL Injection Vulnerability
Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. Cisco IoT Field Network Director suffers from a SQL injection vulnerability that results from insufficient input validation of...
Cxuucms SQL Injection Vulnerability
Cxuucms is a PHP-based content relationship building system. cxuucms v3 suffers from a SQL injection vulnerability that allows all database data to be leaked through the keyword parameter of search.php. No detailed vulnerability information is available at this time...
CVE-2020-28133
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in salesinventory/login.php...
Sourcecodester SourceCodester Grocery Store Sales And Inventory System SQL Injection Vulnerability
Sourcecodester SourceCodester Grocery Store Sales And Inventory System is a grocery store sales and inventory management system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Grocery Store Sales And Inventory System version 1.0, which can be exploited by an attack...
Sourcecodester SourceCodester Water Billing System SQL Injection Vulnerability
SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...
CVE-2020-5659
SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection vulnerability in Shield Spirit Commodity Promotion System front-end ad***_up***.php page
The Shield Spirit commodity promotion system can be used with multiple types of WeChat public accounts, including personal or business subscription accounts and service accounts. It connects easily to all kinds of public accounts and, through the relevant interfaces of the WeChat public account, is configured to come into effe...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend sh***.php Page
The Shield Spirit commodity promotion system can be used with multiple types of WeChat public accounts, including personal or business subscription accounts and service accounts. It connects easily to all kinds of public accounts and, through the relevant interfaces of the WeChat public account, is configured to come into effe...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend ko***.php Page
The Shield Spirit commodity promotion system can be used with multiple types of WeChat public accounts, including personal or business subscription accounts and service accounts. It connects easily to all kinds of public accounts and, through the relevant interfaces of the WeChat public account, is configured to come into effe...
Victor CMS suffers from SQL injection vulnerability (CNVD-2020-66854)
Victor CMS is a simple content management system. Victor CMS suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information about a database...
Command execution vulnerability exists in MyuCMS (CNVD-2020-67557)
The MyuCMS front-end is built with the UIkit framework, and the back-end is built with the layui back-end framework and developed with PHP+MYSQL. MyuCMS has a command execution vulnerability that can be exploited by attackers to gain server control privileges...
SQL Injection Vulnerability in bycms Content Management System
Beyoncms bycms content management system is a content management system. The bycms content management system suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to gain server control privileges...
PT-2023-3325 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected...
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands in MySQL Connectors and other products...