847 matches found
CVE-2017-12731
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of...
SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System v2.1.6
Hanchao B2B2C multi-user mall system is the source code of a multi-user mall website system developed in PHP + MySQL. Hanchao B2B2C Multi-User Mall System v2.1.6 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain database information...
IBM Tivoli Monitoring Portal SQL Injection Vulnerability
IBM Tivoli Monitoring (ITM) is a suite of system monitoring software from IBM in the United States. The software supports the detection of system bottlenecks and potential problems, performance monitoring of basic system resources, and automatic recovery from critical situations. IBM Tivoli...
CVE-2017-2241
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service"...
SQL Injection Vulnerability in Message Board Module of State Micro CMS Government Website System
SMi CMS Government Website System is a website system for governments, schools and groups. There is a SQL injection vulnerability in the message board module of SMiCMS government website system. Due to insufficient filtering of parameters, attackers can exploit the vulnerability to execute...
NetApp OnCommand Unified Manager Core Package SQL Injection Vulnerability
NetApp OnCommand Unified Manager Core Package is management software in the OnCommand series from the American company NetApp. A SQL injection vulnerability exists in NetApp OnCommand Unified Manager Core Package. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Cell Phone Remote Lighting Monitoring System SQL Injection Vulnerability in txtUsername Parameter
Mobile Remote Lighting Monitoring System is a lighting monitoring system from China Electronic Technology Group Corporation. A SQL injection vulnerability exists in the Mobile Remote Lighting Monitoring System. The lack of filtering of the 'txtUsername' parameter allows an attacker to exploit the...
Lepton Add_droplets Parameter SQL Injection Vulnerability
Lepton is a set of tools for lossless compression of JPEG format files. A SQL injection vulnerability exists in the Lepton Add_droplets parameter, which could be exploited by an attacker to compromise an application, access or modify data, or exploit a potential vulnerability in the underlying...
pycsw SQL Injection Vulnerability
pycsw is a system written in Python that implements OGC CSW server functionality. It runs on all major platforms (Windows, Linux, Mac OS X). pycsw suffers from a SQL injection vulnerability, which can be exploited by an attacker to take control of the application, access or modify data, or exploit...
TYPO3 TC Directmail SQL Injection Vulnerability
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A SQL injection vulnerability exists in TYPO3 TC Directmail. The vulnerability is caused due to the program failing to properly filter user-supplied input, allowing an attacker to exploit the...
CVE-2016-1000125
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla...
Joomla! com_bt_media Component SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in the categories0 parameter of the index/php page of the Joomla! com_bt_media...
PHPIPAM SQL Injection Vulnerability
phpipam is an open source IP address management (IPAM) application based on PHP and MySQL. A cross-site scripting vulnerability exists in phpipam version 1.2.1, which can be exploited by an attacker to compromise the application, access or modify data, or exploit potential vulnerabilities in the...
SQL injection vulnerability in the zwkm parameter of the modifyzdjb.jsp page of the ilasIII digital library system of Shenzhen Ketu Automation New Technology Application Company.
Integrated Library Automation System (ILAS) was issued by the Ministry of Culture in 1988 as a national key scientific and technological project, with the Shenzhen Library undertaking and organizing its development as a system that adapts to libraries at home and abroad of different levels, a variety of scales,...
vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability
vBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...
SQL Injection Vulnerability in Asset Management System sysbh Parameter of Jinan Guozi Digital Technology Co.
The asset management system of Jinan Guozi Digital Technology Co., Ltd. is a sharing and management platform for precision instruments or large instruments. The product suffers from a SQL injection vulnerability; the vulnerability URL is: http://host/dxyqsyspt/sysDetail.aspx?sysbh=000001 The...
SQL Injection Vulnerability in the Templetid Parameter of Hopping Collaborative Content Management System
HZCMS is a website group content management system based on Java and XML technology. A SQL injection vulnerability exists in the templetid parameter of HZCMS. Attackers can use the vulnerability to obtain data information...
Generalized SQL Injection Vulnerability in Agricultural Network of Wuhan Joseph Xin Sun Agricultural Network Co.
Wuhan Joseph Xin Sun Agricultural Network Co., Ltd. is mainly engaged in research and development of computer network information software; research and development of complete sets of electronic equipment; business information consulting; sales of primary agricultural...
IBM Marketing Platform SQL Injection Vulnerability (CNVD-2016-03333)
IBM Marketing Platform is a suite of marketing platforms from IBM in the United States. The platform supports marketers in leveraging and analyzing customer interactions on websites, cell phones and social media to deliver targeted marketing campaigns to customers. A SQL injection vulnerability...
A vulnerability in the firmware of Cisco RV220W network switches allows attackers to execute arbitrary SQL commands.
The vulnerability in the web management interface of the firmware on the Cisco RV220W network switch is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially...