5705 matches found

BDU FSTEC
added 2020/02/17 12:0 a.m. · 2 views

The vulnerability in the vManage web interface of Cisco SD-WAN’s programmatically defined network allows an attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability in the vManage web interface of Cisco’s programmable network architecture involves a lack of protection for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...

CVSS 6.4 · AI score 6.7 · EPSS 0.00725
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2020/02/17 12:0 a.m. · 7 views

PT-2020-1843 · Abb · Abb Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 3.9 to 6.0.3

Description: The issue is related to a lack of input checks for SQL queries, which might allow an attacker to perform SQL injection attacks against the backend database. This could potentially be exploited by a...

CVSS 9 · AI score 7.8 · EPSS 0.00935
Exploits 0 · References 7

OSV
added 2020/02/11 12:15 p.m. · 3 views

CVE-2020-3934

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command...

CVSS 9.8 · AI score 7.3 · EPSS 0.01386
Exploits 0 · References 3

Positive Technologies
added 2020/02/11 12:0 a.m. · 5 views

PT-2020-1616 · Microsoft · Sql Server Reporting Services +1

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server Reporting Services versions 2012 through 2016

Description: A remote code execution issue exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. This could allow an attacker to execute...

CVSS 8.8 · AI score 8.2 · EPSS 0.99046
Exploits 14 · References 38

CNVD
added 2020/02/11 12:0 a.m. · 1 view

Jobberbase SQL Injection Vulnerability (CNVD-2020-04571)

Jobberbase is an open source platform for building job search websites. A SQL injection vulnerability exists in Jobberbase. The vulnerability stems from a lack of validation of externally entered SQL statements in the database-based application. An attacker can exploit this vulnerability to execu...

CVSS 9.8 · AI score 8.2 · EPSS 0.01986
Exploits 1 · References 1

CNVD
added 2020/02/04 12:0 a.m. · 1 view

Plone DTML SQL Injection

Plone is a free and open source content management system. Plone DTML suffers from SQL injection, which can be exploited by remote attackers to submit a special SQL request to manipulate the database, which can obtain sensitive information or execute arbitrary code...

CVSS 8.8 · AI score 7.8 · EPSS 0.01213
Exploits 0 · References 1

BDU FSTEC
added 2020/02/03 12:0 a.m. · 3 views

The vulnerability in HMI/SCADA Equinox Control Expert, related to the failure to protect the SQL query structure, allows an intruder to gain unauthorized access to protected information.

The vulnerability in HMI/SCADA Equinox Control Expert relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information by sending specially crafted SQL queries to the database...

CVSS 10 · AI score 7.9 · EPSS 0.01889
Exploits 0 · References 4

OSV
added 2020/01/26 5:15 a.m. · 2 views

CVE-2019-12619

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVSS 6.5 · AI score 6.7
Exploits 0 · References 1

CNVD
added 2020/01/23 12:0 a.m. · 3 views

Cisco SD-WAN Solution SQL Injection Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An SQL injection vulnerability exists in the web interface of Cisco SD-WAN Solution vManage. The vulnerability stems from insufficient validation of user-supplied input. A remote...

AI score 7.8
Exploits 0 · References 1

CNVD
added 2020/01/23 12:0 a.m. · 1 view

Cisco SD-WAN Solution SQL Injection Vulnerability (CNVD-2020-04036)

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An SQL injection vulnerability exists in the web interface of Cisco SD-WAN Solution vManage. The vulnerability stems from insufficient validation of user-supplied input. An attacker could...

CVSS 6.5 · AI score 7.9 · EPSS 0.00725
Exploits 0 · References 1

CNVD
added 2020/01/10 12:0 a.m. · 2 views

PHPGurukul Small CRM SQL Injection Vulnerability

PHPGurukul Small CRM is a customer relationship management system. A SQL injection vulnerability exists in the /in.php file in version v2.0 of PHPGurukul Small CRM. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker c...

CVSS 8.8 · AI score 8.2 · EPSS 0.0174
Exploits 1 · References 1

Positive Technologies
added 2020/01/10 12:0 a.m. · 3 views

PT-2020-7693 · Unknown · Déjà Vu Crescendo Sales Crm

Name of the Vulnerable Software and Affected Versions: Déjà Vu Crescendo Sales CRM affected versions not specified

Description: The issue is related to a remote SQL Injection. No further details are provided about the estimated number of potentially affected devices or real-world incidents...

CVSS 9.8 · AI score 9.4 · EPSS 0.03015
Exploits 3 · References 4

CNVD
added 2020/01/08 12:0 a.m. · 2 views

Dairy Farm Shop Management System SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. A SQL injection vulnerability exists in Dairy Farm Shop Management System version 1.0. The vulnerability stems from a lack of validation of externally entered SQL statements in a database-based application. ...

CVSS 9.8 · AI score 8.2 · EPSS 0.15652
Exploits 1 · References 1

CNVD
added 2020/01/07 12:0 a.m. · 1 view

SQL Injection Vulnerability in Xinkao Online Marking System of Hebei Xinkao Education Technology Co.

Hebei Xinkao Education Technology Co., Ltd. is a professional high-tech enterprise dedicated to the informatization of educational applications, and has developed the Campus Card Management System, Xinkao Online Marking System and Home-School Interconnection System. Hebei Xinkao Education...

AI score 7.9
Exploits 0

CNVD
added 2020/01/07 12:0 a.m. · 1 view

SQL Injection Vulnerability in Wecenter of Shenzhen Weike Interactive Co.

WeCenter is a completely open source, Q&A-based social networking program similar to Zhihu, built on a PHP+MYSQL application architecture. WeCenter has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

AI score 8
Exploits 0

CNVD
added 2020/01/03 12:0 a.m. · 2 views

Cisco Data Center Network Manager REST API SQL Injection Vulnerability

Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A REST API SQL injection vulnerability exists in Cisco Data Center Network Manager...

CVSS 9 · AI score 8.3 · EPSS 0.46935
Exploits 10 · References 1

CNVD
added 2019/12/27 12:0 a.m. · 1 view

XerCMS in***.php file suffers from SQL injection vulnerability

Ctrip CMS XerCMS is a content management system based on php+mysql, integrating membership, community, guestbook, news and model management. An SQL injection vulnerability exists in the XerCMS in.php file, which can be exploited by attackers to obtain sensitive information...

AI score 7.9
Exploits 0

CNVD
added 2019/12/26 12:0 a.m. · 1 view

SQL Injection Vulnerability in ZKEACMS

ZKEACMS (Paper Shell CMS) is an open source website system independently developed by ZKEASOFT. You can use it directly for a corporate website, portal, personal website or blog, or as a base for secondary custom development to meet your specific needs. ZKEACMS has a SQL injection...

AI score 7.9
Exploits 0

CNVD
added 2019/12/24 12:0 a.m. · 1 view

File Upload Vulnerability in Laike Ecommerce Management System

Laike e-commerce system is an open source e-commerce system. Laike E-commerce Management System suffers from a SQL injection vulnerability that can be exploited by attackers to gain server privileges...

AI score 8.3
Exploits 0

CNVD
added 2019/12/23 12:0 a.m. · 2 views

SQL Injection Vulnerability in Hula Enterprise Website Management System of Qingdao Scorch Culture Media Co.

The Hula enterprise website management system is built on the ThinkPHP5 framework, is secure and efficient, and includes all the features of ThinkPHP5. The Hula enterprise website management system of Qingdao Scorch Culture Media Co., Ltd. has a SQL injection vulnerability, which can be exploited by...

AI score 7.7
Exploits 0