
6209 matches found

CNVD
added 2020/10/01 12:0 a.m., 2 views

SQL Injection Vulnerability in PHP Version of Nettie CMS

OTCMS Nettie CMS is an article-based web content management system (CMS). A SQL injection vulnerability exists in the PHP version of OTCMS, which can be exploited by attackers to obtain sensitive information from the database...

7.7 AI score
Exploits: 0

OSV
added 2020/09/30 6:15 p.m., 1 view

CVE-2020-20800

An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI...

9.8 CVSS, 7.4 AI score
Exploits: 0, References: 1

CNVD
added 2020/09/28 12:0 a.m., 2 views

SQL Injection Vulnerability in Linkworks of Quanta Technology Co.

Founded in 1998, Quanta Technology Co., Ltd. is a digital construction platform service provider with professional applications in the field of construction engineering as the core basic support, and value-added services such as industrial big data and industrial new finance. A SQL injection...

7.6 AI score
Exploits: 0

CNVD
added 2020/09/27 12:0 a.m., 4 views

Observium SQL Injection Vulnerability (CNVD-2020-54786)

Observium is a low-maintenance auto-discovery network monitoring platform that supports multiple device types, platforms and operating systems. Observium suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to inject malicious SQL queries via the ajax/actions.php...

6.5 CVSS, 8 AI score, 0.00297 EPSS
Exploits: 1, References: 1

CNVD
added 2020/09/27 12:0 a.m., 1 view

SQL Injection Vulnerability in School Office OA System of Guangzhou Yingfeng Information Technology Co.

The school office OA system of Guangzhou Yingfeng Information Technology Co., Ltd. is a comprehensive management platform for schools, a comprehensive information management system for schools, and a digital campus management system. Guangzhou Yingfeng Information Technology Co., Ltd School Office OA...

7.6 AI score
Exploits: 0

CNVD
added 2020/09/25 12:0 a.m., 2 views

SQL Injection Vulnerability in Guojiz International Website Navigation System

Guojiz International Website Navigation System is a CMS program developed with ThinkPHP5.0+PHP7.0+Mysql+Apache/Nginx/iis and is suitable for small and medium-sized webmasters. Guojiz International Website Navigation System has a SQL injection vulnerability, which can be exploited by...

7.9 AI score
Exploits: 0

OSV
added 2020/09/24 3:15 p.m., 1 view

CVE-2020-13505

Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 1

CNVD
added 2020/09/21 12:0 a.m., 2 views

Foshan Tiema Software Co., Ltd. Tiema Mobile Phone Query System Login Page Exists SQL Injection Vulnerability

Foshan Tiema Software Company is a high-tech software company specializing in enterprise information management engineering, providing personalized solutions for different types of enterprises. Foshan Iron Horse Software Co., Ltd Iron Horse cell phone query system login page SQL injection...

7.6 AI score
Exploits: 0

CNVD
added 2020/09/18 12:0 a.m., 2 views

Alfresco sql injection vulnerability

Alfresco is an open source enterprise content management system. The platform's pages are developed using Freemarker, and the main features include document management, collaboration, records management, knowledge base management, Web content management and so on. A sql injection vulnerability exists...

7.5 CVSS, 7.4 AI score, 0.00296 EPSS
Exploits: 1, References: 1

CNVD
added 2020/09/16 12:0 a.m., 2 views

IBM Maximo Asset Management SQL Injection Vulnerability (CNVD-2020-52460)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. IBM Maximo Asse...

6.5 CVSS, 8.1 AI score, 0.00148 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2020/09/15 6:30 p.m., 3 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9 CVSS, 7.3 AI score, 0.00487 EPSS
Exploits: 0, References: 5

CNVD
added 2020/09/15 12:0 a.m., 2 views

SQL Injection Vulnerability in Smart-MDS Multimedia Command and Dispatch System of Yixin Technology Co.

But the new technology Smart-MDS multimedia command and scheduling system with convergence access function, provide multi-service convergence of the unified scheduling management platform, access to mainstream various types of audio and video communication system functions. There is a SQL injecti...

7.9 AI score
Exploits: 0

RedHat Linux
added 2020/09/14 12:58 p.m., 2 views

mysql: Server: Locking unspecified vulnerability (CPU Jul 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...

4.9 CVSS, 7.2 AI score, 0.00369 EPSS
Exploits: 0, References: 5

CNVD
added 2020/09/14 12:0 a.m., 4 views

IBM InfoSphere Guardium SQL Injection Vulnerability

InfoSphere Guardium is an enterprise information database auditing and protection solution. A SQL injection vulnerability exists in several InfoSphere Guardium scripts that can be exploited by remote attackers to submit a specially crafted SQL request to manipulate a database, which could result ...

8.8 CVSS, 8 AI score, 0.00456 EPSS
Exploits: 0, References: 1

Gitee
added 2020/09/11 3:0 p.m., 2 views

My-CTF-Web-Challenges

It is an offensive tool for web exploitation. The repository contains a collection of web challenges created by the user 'orange'. The challenges are designed to test various web exploitation techniques, including SQL injection, cross-site scripting (XSS), and authentication bypass. The challenges...

6.9 AI score
Exploits: 0

CNVD
added 2020/09/11 12:0 a.m., 1 view

There are SQL injection vulnerabilities in the backend of Zendo open source version of Qingdao Yiqi Tianchuang Management Consulting Co.

Zendo Open Source Edition is a research and development project management software. There is a SQL injection vulnerability in the backend of Zendo Open Source Edition of Qingdao Yiqi Tianchuang Management Consulting Co. An attacker can exploit this vulnerability to obtain sensitive information...

7.6 AI score
Exploits: 0

CNVD
added 2020/09/10 12:0 a.m., 3 views

Microsoft Dynamics 365 Remote Code Execution Vulnerability (CNVD-2020-52901)

Microsoft Dynamics 365 is Microsoft's next-generation intelligent business application that helps enterprises grow and digitally transform through the perfect integration of CRM and ERP. A remote code execution vulnerability exists in Microsoft Dynamics 365 9.0. The vulnerability stems from the...

8.8 CVSS, 8.6 AI score, 0.02854 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2020/09/08 10:6 a.m., 3 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8 CVSS, 7.4 AI score, 0.00197 EPSS
Exploits: 0, References: 5

CNVD
added 2020/09/05 12:0 a.m., 2 views

ZZCMS suffers from SQL injection vulnerability (CNVD-2020-57393)

ZZCMS is a free website builder developed in asp language. ZZCMS suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to read database information...

7.8 AI score
Exploits: 0

CNVD
added 2020/09/04 12:0 a.m., 2 views

Jinan Yuxia Information Technology Co., Ltd. website building system SQL injection vulnerability

Jinan Yuxia Information Technology Co., Ltd., with Internet products and related services as its main direction, is a collection of website construction and network promotion, IDC business, software development, server hosting, telecommunications value-added services and other integrated service...

7.8 AI score
Exploits: 0