PHPSUGAR PHP Melody SQL Injection Vulnerability (CNVD-2017-32540)

PHPSUGAR PHP Melody is a PHP-based content management system for video websites. A SQL injection vulnerability exists in PHPSUGAR PHP Melody versions prior to 2.7.3. A remote attacker can perform a display list operation on the watch.php file and exploit the vulnerability to execute arbitrary SQL...

SQL Injection Vulnerability in WebShow Shopping System V5.4 listjp.asp

Net show shopping system is a shopping site developed with asp + access. A SQL injection vulnerability exists in NetShow Shopping System V5.4 listjp.asp. An attacker can obtain sensitive database information by constructing specific SQL statements...

LetoDMS SQL Injection Vulnerability (CNVD-2017-35203)

LetoDMS is a document management system based on PHP+MySQL development. A SQL injection vulnerability exists in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS before version 3.3.8, which can be exploited by remote attackers to execute arbitrary SQL commands...

SQL Injection Vulnerability in DM Enterprise Website System

DM building system is developed by php + mysql a set of specialized for small and medium-sized enterprise website construction of open source cms. DM enterprise website builder system multiple parameters exist SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive...

Frappe frappe.share.get_users SQL Injection Vulnerability

Frappe is a WEB application. Frappe frappe.share.getusers suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

Catfish CMS v4.5.7 SQL Injection Vulnerability in Frontend

Catfish CMS is open source free PHP CMS web content management system. Catfish CMS v4.5.7 suffers from a SQL injection vulnerability in the frontend. An attacker can exploit this vulnerability to obtain sensitive database information...

Cash Back Comparison Script SQL Injection Vulnerability

Cash Back Comparison Script is a cash back script. A SQL injection vulnerability exists in Cash Back Comparison Script version 1.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

Trend Micro Mobile Security SQL Injection Vulnerability

Trend Micro Mobile Security Enterprise is a set of cell phone security software from Trend Micro that integrates cell phone security scanning, real-time protection against malicious programs and monitoring of malicious behavior. A SQL injection vulnerability exists in versions of Trend Micro Mobi...

WordPress Responsive Image Gallery Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL server set up a personal blog site.Responsive Image Gallery plugin is one of the image management plugin. A SQL injection vulnerability exists in WordPre...

mysql: Incorrect input validation allowing code execution via mysqldump

It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...

SQL Injection Vulnerability in Guizhou Chitong Network Technology Co.

Guizhou Chitong Network Technology Co., Ltd. is an Internet service provider. The services offered include: website direct ID registration, website full network promotion, enterprise official website construction, e-commerce platform type website construction, website optimization outsourcing and...

Wordpress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the Wordpress plugin image-gallery-with-slideshow. A remote attacker can exploit the...

EyesOfNetwork web interface SQL injection vulnerability

EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides business process configuration tools, generating pop-up windows when events occur in the active queue, etc. EyesOfNetwork web interface aka eonweb is one of the web interfaces. A SQL injection vulnerability...

EyesOfNetwork web interface SQL injection vulnerability (CNVD-2017-33830)

EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides business process configuration tools, generating pop-up windows when events occur in the active queue, etc. EyesOfNetwork web interface aka eonweb is one of the web interfaces. A SQL injection vulnerability...

WordPress WatuPRO SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL.WatuPRO plugin is one of the online quiz plugin. A SQL injection vulnerability exists in WordPress WatuPRO...

Pragyan CMS SQL Injection Vulnerability (CNVD-2017-32462)

Pragyan CMS is a multi-user, modular PHP and MySQL based Content Management System CMS. The system supports custom built-in frameworks, user group rights management, search engine optimization and more. A SQL injection vulnerability exists in Pragyan CMS version 3.0. A remote attacker can exploit...

SQL Injection Vulnerability in OURPHP Message Boards

OURPHP 傲派建站系统 is a website content management system developed using PHP language, the developer is Harbin Weicheng Technology Co. A SQL injection vulnerability exists in the OURPHP V1.7.3 message board, which is caused by the system failing to strictly filter the parameters entered by the user. ...

Wenzhou Starlight Technology Development Co., Ltd. website builder system newLook.asp page SQL injection vulnerability

Wenzhou Starlight Technology Development Co., Ltd. website builder is a website builder system. There is a SQL injection vulnerability in the newLook.asp page of the website builder system of Wenzhou Starlight Technology Development Co. The vulnerability is due to the system fails to effectively...

SQL injection vulnerability in the product.asp page of the website building system of Dongguan Starlight Technology Co.

Dongguan Starlight Technology Co., Ltd. website builder is a website builder system. A SQL injection vulnerability exists in the product.asp page of the website builder system of Dongguan Starlight Technology Co. The vulnerability is due to the system fails to effectively filter the data submitte...

OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite SQL Injection Vulnerabilities

The SiteSentinel Integra 100, SiteSentinel Integra 500 and SiteSentinel iSite ATG are products that provide tank monitoring capabilities for OPW's fuel management system. An SQL injection vulnerability exists in OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite, which can be...