6321 matches found

VulnCheck KEV
added 2021/04/13 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2021-27101

Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...

CVSS 9.8 | AI score 7.5 | EPSS 0.00748
Exploits: 0 | References: 1

CNNVD
added 2021/04/13 12:0 a.m. | 3 views

Eaton Intelligent Power Manager SQL injection vulnerability

Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An SQL injection vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, which is...

CVSS 8.8 | AI score 6 | EPSS 0.00128
Exploits: 0 | References: 4

BDU FSTEC
added 2021/04/13 12:0 a.m. | 0 views

The vulnerability of the AVEVA Enterprise Data Management Web (eDNA Web) software platform, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL commands.

The vulnerability of the AVEVA Enterprise Data Management Web (eDNA Web) software platform is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

CVSS 9.6
Exploits: 0 | References: 4

CNNVD
added 2021/04/12 12:0 a.m. | 4 views

WordPress and Sprymedia DataTables SQL injection vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. Sprymedia DataTables is a JavaScript library for converting HTML tables to dynamic tables from the UK company...

CVSS 6.5 | AI score 6 | EPSS 0.00903
Exploits: 0 | References: 4

BDU FSTEC
added 2021/04/06 12:0 a.m. | 0 views

The vulnerability of the Accellion FTA security system, which stems from the lack of measures to protect the SQL query structure, allows attackers to execute arbitrary SQL code and gain unauthorized access to protected information.

The vulnerability of the Accellion FTA security system lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL code and gain unauthorized access to protected information using a specially...

CVSS 9.8 | EPSS 0.00748
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2021/04/02 9:15 a.m. | 2 views

CVE-2021-30000

An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.00613
Exploits: 1 | References: 2

CNNVD
added 2021/04/02 12:0 a.m. | 3 views

Piwigo SQL injection vulnerability

Piwigo is a free and open source web photo album software. A SQL injection vulnerability exists in versions prior to Piwigo 11.4.0. An attacker can exploit this vulnerability by using the language parameter of admin.php?page=languages to conduct a SQL injection attack...

CVSS 7.2 | AI score 5.9 | EPSS 0.00194
Exploits: 4 | References: 6

BDU FSTEC
added 2021/04/01 12:0 a.m. | 0 views

The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, stems from the lack of protective measures for the SQL query structure. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected informatio...

CVSS 10 | EPSS 0.00525
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2021/03/31 12:0 a.m. | 2 views

Sourcecodester Simple College Website SQL injection vulnerability

Sourcecodester Simple College Website is a content management system from Sourcecodester. Sourcecodester Simple College Website suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications, which can be exploit...

CVSS 9.8 | AI score 6 | EPSS 0.04247
Exploits: 1 | References: 5

OSV
added 2021/03/24 2:15 p.m. | 2 views

CVE-2021-27315

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter...

CVSS 7.5 | AI score 7.2 | EPSS 0.31405
Exploits: 3 | References: 1

CNNVD
added 2021/03/18 12:0 a.m. | 4 views

Hgiga MailSherlock SQL injection vulnerability

Hgiga MailSherlock is an enterprise mail audit system from Henderson Hgiga, China. HGiga MailSherlock suffers from a SQL injection vulnerability, which stems from the lack of validation of externally entered SQL statements in database-based applications, and can be exploited by an attacker ...

CVSS 9.8 | AI score 6 | EPSS 0.00444
Exploits: 0 | References: 2

CNNVD
added 2021/03/17 12:0 a.m. | 2 views

Excellent Infotek Corporation EIC e-document system SQL injection vulnerability

Excellent Infotek Corporation EIC e-document system is an application system of Excellent Infotek Corporation, which provides precise, simple and standardized XML document forms to simplify the process of writing and...

CVSS 9.8 | AI score 8.8 | EPSS 0.01696
Exploits: 0 | References: 4

BDU FSTEC
added 2021/03/15 12:0 a.m. | 0 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 6.8 | EPSS 0.00056
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/03/15 12:0 a.m. | 3 views

MyBB SQL injection vulnerability

MyBB is free, open source forum software. A SQL injection vulnerability exists in the Copy Forums feature of the Forum Manager in versions of MyBB prior to 1.8.26. No detailed vulnerability information is available at this time...

CVSS 7.2 | AI score 5.9 | EPSS 0.00274
Exploits: 0 | References: 2

OSV
added 2021/03/05 12:15 a.m. | 1 view

CVE-2021-27314

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...

CVSS 9.8 | AI score 7.3 | EPSS 0.37505
Exploits: 3 | References: 1

CNNVD
added 2021/03/04 12:0 a.m. | 4 views

Matthias Van Woensel qcubed SQL injection vulnerability

Matthias Van Woensel qcubed is an application by Matthias Van Woensel. It provides a PHP model-view-controller framework for rapid application development. A SQL injection vulnerability exists in all versions of qcubed, including 3.1.1, which allows unauthenticated access to a database via injection ...

CVSS 9.8 | AI score 8.7 | EPSS 0.43055
Exploits: 5 | References: 6

CNNVD
added 2021/03/03 12:0 a.m. | 3 views

Sourcecodester Doctor Appointment System SQL injection vulnerability

Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL blind injection vulnerability exists in contactus.php in Doctor Appointment System 1.0. An attacker can exploit this vulnerability to insert malicious SQL queries via the firstname parameter...

CVSS 7.5 | AI score 5.9 | EPSS 0.26603
Exploits: 3 | References: 4

CNNVD
added 2021/03/03 12:0 a.m. | 3 views

Sourcecodester Doctor Appointment System SQL injection vulnerability

Sourcecodester Doctor Appointment System is a Sourcecodester open source application. It provides an appointment scheduling feature. Doctor Appointment System version 1.0 suffers from an SQL injection vulnerability that originates from a remote blind SQL injection vulnerability in the name and...

CVSS 7.5 | AI score 8.1 | EPSS 0.31405
Exploits: 3 | References: 2

CNNVD
added 2021/03/03 12:0 a.m. | 5 views

Sourcecodester Doctor Appointment System SQL injection vulnerability

Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL blind injection vulnerability exists in contactus.php in Doctor Appointment System 1.0. The vulnerability can be exploited to insert malicious SQL queries via email parameters...

CVSS 7.5 | AI score 5.9 | EPSS 0.32844
Exploits: 3 | References: 2

CNNVD
added 2021/03/03 12:0 a.m. | 2 views

Cisco SD-WAN vManage input validation error vulnerability

Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. An input validation error vulnerability exists in Cisco SD-WAN vManage, which is caused by improper validation of SQL query inputs on affect...

CVSS 4.9 | AI score 5.6 | EPSS 0.00056
Exploits: 0 | References: 5