847 matches found
CVE-2020-25362
The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...
CVE-2020-27232
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
OpenClinic GA SQL注入漏洞
OpenClinic GA is an open source hospital integrated information management system . An SQL injection vulnerability exists in the code parameter in getAssets.jsp in OpenClinic GA version 5.173.3. An attacker can exploit this vulnerability by sending an HTTP request to perform a SQL injection attac...
VulnCheck KEV: CVE-2021-27101
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...
MyBB SQL注入漏洞
MyBB is a free open source forum software. A SQL injection vulnerability exists in the Copy Forums feature of the Forum Manager in versions of MyBB prior to 1.8.26. No detailed vulnerability details are available at this time...
Evolucare Ecsimaging SQL Injection Vulnerability
Evolucare Ecsimaging is a mobile application for viewing medical radiology images from the French company Evolucare. A SQL injection vulnerability exists in Evolucare Ecsimaging version 6.21.5 and earlier versions in the login form and password forget form, which can be exploited to obtain data...
SQL Injection Vulnerability in JeecgBoot Frontend
JeecgBoot is a low-code BPM-based platform. A SQL injection vulnerability exists in the frontend of JeecgBoot. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL injection vulnerability in the background lo***.php page of Shield Spirit merchandise promotion system
Shield Spirit commodity promotion system can be applied to multiple types of public number, personal or business subscription number and service number can be used, easy to docking all kinds of public number, through the WeChat public number of the relevant interfaces configured to come into effe...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend he***.php Page
Shield Spirit commodity promotion system can be applied to multiple types of public number, personal or business subscription number and service number can be used, easy to docking all kinds of public number, through the WeChat public number of the relevant interfaces configured to come into effe...
Vulnerability fixed in Nexpose
A vulnerability has been fixed in Nexpose. The vulnerability allows an authenticated malicious party to execute an SQL injection to execute and thereby obtain sensitive data. Rapid7 has released updates to fix the vulnerability. More information can be found on the page below:...
SQL Injection Vulnerability in Shield Spirit Original Article Submission System 1.0
Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in ZZCMS2020 Backend (CNVD-2020-59409)
ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in the Management Platform of Internet Service Establishments of Harbin Zhonglong Baiying Technology Development Co.
Harbin Zhonglong Baiying Technology Development Co., Ltd. was founded on May 29, 2013, mainly engaged in computer hardware and software, office automation equipment, security equipment and so on. Harbin Zhonglong Baiying Technology Development Co., Ltd. has a SQL injection vulnerability in the...
SQL Injection Vulnerability in Shield Spirit Original Article Submission System 1.0 Backend
Shield Spirit Original Article Submission System 1.0 is a concise submission system. Shield Spirit Original Article Submission System 1.0 has a SQL injection vulnerability in the background, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-13505
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...
openSIS SQL Injection Vulnerability
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in the email parameter in EmailCheck.php in openSIS 7.3. An attacker can exploit this vulnerability by sending an HTTP request to perform a SQL injection attack...
SQL Injection Vulnerability in the Website Building System of Longcheng Internet Wenzhou Network Company (CNVD-2020-54843)
Wenzhou Longcheng Internet Technology Co., Ltd - is engaged in website construction, website production, website design, graphic design, website optimization, website promotion, album design and other integrated Internet companies. Long Cheng Internet Wenzhou Network Company website building syst...
SQL Injection Vulnerability in phpweb finished website builder system
PHPWEB system is developed with PHP+MYSQL technology, with clear architecture and easy-to-maintain code. Support pseudo-static function, can generate google and baidu map, support keywords and descriptions, in line with SEO standards. phpweb finished website builder system has a SQL injection...
SQL Injection Vulnerability in Website Building System of Linyi Xinbao Network Technology Co. Ltd (CNVD-2020-51582)
Linyi Xinpao Network Technology Co., Ltd. is a company that provides website construction, software development and services, e-commerce, website operation, network marketing and promotion; network technology training consulting and information services; corporate image marketing planning,...
Ltd. cross-border e-commerce integrated platform has SQL injection vulnerability
Ltd. was founded in 2013 as an information technology service provider. Ltd. cross-border e-commerce integrated platform suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...