SalesAgility SuiteCRM SQL Injection Vulnerability (CNVD-2019-16997)

SalesAgility SuiteCRM is a suite of enterprise-grade open source customer relationship management CRM. A SQL injection vulnerability exists in SalesAgility SuiteCRM versions 7.10.x prior to 7.10.17 and 7.11.x prior to 7.11.5, which can be exploited by an attacker to execute illegal SQL commands...

HotelDruid SQL Injection Vulnerability (CNVD-2019-17320)

HotelDruid is a hotel management system from the DigitalDruid.Net team. The system includes features such as room management, financial management and inventory management. A SQL injection vulnerability exists in HotelDruid versions prior to 2.3.1. The vulnerability stems from a lack of validatio...

SQL Injection Vulnerability in One-Card System of Zhengzhou Xinkai Pu Electronic Technology Co.

Zhengzhou New Cape Electronic Technology Co., Ltd. is a company whose main business scope includes computer system integration, development and operation and maintenance, software, smart card machine and other projects. Zhengzhou XinKaipu Electronic Technology Co., Ltd. one card system there is a...

Quest Software Kace K1000 Appliance SQL Injection Vulnerability

Quest Software Kace K1000 Appliance is a system management appliance from Quest Software, USA. The product is used for software license management, patch and endpoint security management, software distribution and server monitoring functions. A SQL injection vulnerability exists in Quest Kace K10...

IBM PureApplication System SQL Injection Vulnerability

IBM PureApplication System is a platform system from IBM USA designed for transactional Web and database applications. The system is capable of handling workloads and can be maintained and updated from a single console for all configurations. A SQL injection vulnerability exists in IBM...

SQL Injection Vulnerability in the Website Management System of Henan Lisuo Internet Information Technology Co.

Henan Lisuo Internet Information Technology Co., Ltd. is an Internet comprehensive service organization. There is a SQL injection vulnerability in the website management system of Henan Lisuo Internet Information Technology Co., Ltd, which can be exploited by attackers to obtain sensitive...

Vtiger CRM SQL Injection Vulnerability (CNVD-2019-16507)

Vtiger CRM is a set of customer relationship management system CRM based on SugarCRM developed by American Vtiger. The management system provides management, collection and analysis of customer information and other functions. A SQL injection vulnerability exists in the...

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to input validation errors. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries by sending specially...

SQL Injection Vulnerability in Tpshop v3.5 Sm***.php Page

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 Sm.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL Injection Vulnerability in Tpshop v3.5 Ar***.php Page

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 Ar.php page. An attacker can exploit the vulnerability to obtain sensitive information from the database...

SQL injection vulnerability in Tpshop v3.5 To***.php page (CNVD-2019-17503)

Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 To.php page. Attackers can use the vulnerability to obtain sensitive information in the database...

Computrols CBAS Web SQL Injection Vulnerability

CBAS Web is a Web-based building management system BMS from Computrols. A SQL injection vulnerability exists in Computrols CBAS Web. The vulnerability stems from improper validation of parameters passed to different scripts. A remote authenticated attacker could exploit the vulnerability to execu...

SQL Injection Vulnerability in SemCms

SemCms is an open source foreign trade enterprise website management system, mainly used for foreign trade enterprises. SemCms SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive database information...

CommSy SQL Injection Vulnerability

Commsy is a Web-based, open source community system for project management. A SQL injection vulnerability exists in CommSy version 8.6.5. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerabili...

CVE-2019-1824

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

OpenProject SQL Injection Vulnerability

OpenProject is an open source Web-based project management software . The software has project planning , task management , bug tracking and cost budgeting and other functions . A SQL injection vulnerability exists in OpenProject versions 5.0.0 through 8.3.1. The vulnerability stems from a lack o...

SQL Injection Vulnerability in AICA CMS Backend li***.php

Acme CMS is a full-featured, PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction CMS building system. Acme CMS background li.php SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

Orpak SitOmat SQL Injection Vulnerability

Orpak SitOmat is a remote takeover refueling system from Orpak India. A SQL injection vulnerability exists in Orpak SitOmat, which can be exploited by remote attackers to execute SQL commands...

The vulnerability of the Dr.Web Enterprise Security Suite, an anti-virus protection tool, lies in the lack of SQL query filtering. This allows attackers to increase their privileges.

The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in the absence of SQL query filtering. Exploiting this vulnerability allows a malicious actor, who operates remotely and has no access to the application’s administrative operations via the web interface, to...

The vulnerability of the Etlas electronic document management system lies in the lack of protection for SQL query structures, which allows attackers to disclose the protected information.

The vulnerability of the Etlas electronic document management system lies in the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain access to protected information by entering a specially crafted SQL query into the “Process Name” field o...