Jinan Yuxia Information Technology Co., Ltd. website building system SQL injection vulnerability
Jinan Yuxia Information Technology Co., Ltd. focuses on Internet products and related services, combining website construction and network promotion, IDC business, software development, server hosting, telecommunications value-added services and other integrated service...
openSIS SQL Injection Vulnerability (CNVD-2020-51259)
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the GetSchool.php function in openSIS 7.3. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to conduct a SQL injection attack...
F5 BIG-IP AFM Configuration Tool SQL Injection Vulnerability
The F5 BIG-IP AFM is an advanced firewall device. The F5 BIG-IP AFM configuration tool suffers from a SQL injection vulnerability that can be exploited by remote attackers to submit a special SQL request to manipulate a database, which can be used to obtain sensitive information or execute...
YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-56377)
YouDianCMS combines a desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open source five-in-one site solution. YouDianCMS has a SQL injection vulnerability; attackers can use the vulnerability to obtain databas...
YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-56376)
YouDianCMS combines a desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open source five-in-one site solution. YouDianCMS has a SQL injection vulnerability; attackers can use the vulnerability to obtain databas...
The vulnerability of the designer/move.js file of the phpMyAdmin web application for database management system administration allows a perpetrator to execute arbitrary code.
The vulnerability of the designer/move.js file of the phpMyAdmin web application for database management systems relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
SQL Injection Vulnerability in Standard Pepsi Vi***.ashx Page of RunShen Information Technology (Shanghai) Co.
R&S Information Technology Shanghai Co., Ltd. is a high-tech company specializing in software development and information services. A SQL injection vulnerability exists in the Standard Pepsi Vi.ashx page, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-17373
SugarCRM before 10.1.0 Q3 2020 allows SQL Injection...
CVE-2020-16276
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...
SQL Injection Vulnerability in Enterprise Standardized Management System of Runshen Information Technology (Shanghai) Co.
Runshen Information Technology Shanghai Co., Ltd. mainly offers standard automatic update management software, file digitization and map digitization. A SQL injection vulnerability exists in the company's enterprise standardization management system; attackers can use the vulnerability to obtain sensitive...
SQL Injection Vulnerability in Website Building System of Shenzhen Shenzhou Tongda Network Technology Co.
Shenzhen Shenzhou Tongda Network Technology Co., Ltd. provides Tencent enterprise mailbox, high-end website construction (PC website, cell phone website, WeChat public account), SEO optimization and promotion, enterprise WeChat and other network infrastructure services and network marketing and...
SQL Injection Vulnerability in Air Pollution Control Monitoring, Early Warning and Decision Support System of Huainan Runcheng Technology Co.
The framework of the air pollution prevention and control grid-based monitoring, early warning and decision support system consists of three parts: the perception layer, the platform layer and the application layer. In the sensing layer, monitoring points are laid out according to the actual dema...
CVE-2020-7356
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
SQL Injection Vulnerability in OA Office System of Chengdu Huigao Software Co.
Chengdu Huigao Software Co., Ltd. is an OA software developer and service provider. A SQL injection vulnerability exists in the OA office system of Chengdu Huigao Software Co. The vulnerability can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerability in ECSHOP v2.7.3 by Merchant Pie Software Ltd.
ECShop is a professional e-commerce mall system. A SQL injection vulnerability exists in ECSHOP v2.7.3 of Merchant Pie Software Limited, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in p***.php page of website building system of Inner Mongolia Wando Information Technology Co.
Wando Technology is an information technology company dedicated to enterprise informatization application services. It aims to actively promote the development of enterprise informatization and e-commerce, with transparency and integrity as its company policy. It is an applicati...
SQL injection vulnerability in Shanghai Zhihu Information Technology's website bu***_de*** system
Shanghai Zhihu Information Technology Co., Ltd. draws on 5 years of accumulated experience with business scenarios across industries, combined with technological innovation, to provide solutions for social e-commerce, home furnishing, tourism and travel and other areas. Shanghai Zhihu...
Teclib GLPI SQL Injection Vulnerability (CNVD-2020-44905)
Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A SQL injection vulnerability exists in Teclib GLPI versions prior to 9.5.1...
Introduction to SQL: Examples, Best Practices and Pitfalls
SQL (Structured Query Language) has been with us for more than half a century and it’s not going away anytime soon. Popular in both traditional relational databases and newer NoSQL database technologies, SQL is widely used for data analytics, Big Data processing, coding languages, and more. I’m a...