hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
SQL Injection Vulnerability in Employment Information Service Platform of Shanghai Jiading Information Technology Co.
Shanghai A-Ding Information Technology Co., Ltd. focuses on cloud employment information service platform products for colleges, adhering to the principle of SaaS and building on many high-quality Internet resources to establish an employment information service cloud platform. Provide humanized,...
Shantou Sanyu Technology Co., Ltd. website building system suffers from SQL injection vulnerability.
Shantou Sanyu Technology Co., Ltd. is a company that focuses on designing, producing and providing personalized e-commerce solutions for enterprises. The Shantou Sanyu Technology Co., Ltd. website building system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Hop-Up Website Building System (CNVD-2020-31569)
Founded in 2007, HYN is a comprehensive enterprise specializing in providing customers with a series of enterprise services such as website, mailbox, advertisement, software, finance and tax. There is a SQL injection vulnerability in the website builder system of Hop-Up Network, which can be...
SQL Injection Vulnerability in Website Building System of Suzhou Topps Network Technology Co.
Suzhou Topps Network Technology Co., Ltd. is a company engaged in the design, research and development, and sales of computer software, computer animation and network products, and provides related technical and consulting services. There is a SQL injection vulnerability in the website system of Suzhou Topps...
SQL Injection Vulnerability in 120 Emergency Command Center Web Service System (CNVD-2020-31570)
120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. A SQL injection vulnerability exists in the 120 Emergency Command Center Web Service System, which can be exploite...
SQL injection vulnerability in zzcms backend in***.php file (CNVD-2020-32329)
zzcms is a free website builder developed in the ASP language. A SQL injection vulnerability exists in the zzzcms background in.php file. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in the Frontend Registration Module of 120 Emergency Command Center Web Service System
120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. A SQL injection vulnerability exists in the frontend registration module of the 120 Emergency Command Center Web...
PayloadsAllTheThings
This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypasses for various web application security testing and penetration testing purposes. The primary vulnerability class targeted by this repository is CRLF Carriage Return an...
Xi'an Baolian Network Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2020-32333)
Xi'an BaiLian Network Technology Co., Ltd. is the first technology company specializing in bearing industry management software development and bearing industry portal design. There is a SQL injection vulnerability in the website building system of Xi'an Bailian Network Technology Co. Attackers c...
SQL Injection Vulnerability in Waychar Enrollment System aj***.php Page st*** Parameters
Waychar Enrollment System is a PHP/MySQL based enrollment system. The st parameter of the aj.php page in the Waychar registration system has a SQL injection vulnerability; an attacker can use the vulnerability to obtain sensitive database information...
Extreme CMS suffers from SQL injection vulnerability
Extreme CMS is an enterprise-level open source content building system. Extreme CMS has a SQL injection vulnerability; attackers can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in Learning Module ti*** Parameters of 120 Emergency Command Center Web Service System
120 Emergency Command Center Web Service System is a set of web application services for 120 Emergency Command Center, including internal training, learning and assessment functions. A SQL injection vulnerability exists in the learning module ti parameter of the 120 Emergency Command Center Web...
PT-2020-13036 · WordPress · Wp-Advanced-Search
Name of the Vulnerable Software and Affected Versions: wp-advanced-search plugin version 3.3.6. Description: The Import feature in the wp-advanced-search plugin is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any...
Shaanxi New Force Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Shaanxi New Force Network Technology Co., Ltd. is a high-tech company integrating R&D, production and sales. The Shaanxi New Force Network Technology Co., Ltd. website building system has SQL injection vulnerabilities, which can be exploited by attackers to obtain sensitive information from the database...
Shanghai Danfan Network Technology Co., Ltd. builds website system with SQL injection vulnerability (CNVD-2020-28095)
The website building system of Shanghai Danfan Network Technology Co., Ltd. is a specialized B2B e-commerce platform website that provides the chemical industry with security, high efficiency, multiple functions and system matching. Shanghai Danfan network science and...
YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-28101)
YouDianCMS combines desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open source five-sites-in-one solution. YouDianCMS has a SQL injection vulnerability; attackers can use the vulnerability to obtain databas...
CVE-2020-6010
LearnPress WordPress plugin versions up to and including 3.2.6.7 are vulnerable to SQL Injection...
SQL injection vulnerability in waychar enrollment system (CNVD-2020-28129)
The waychar registration system, an online registration system developed for sports events and other general events, supports official accounts and mini programs. The waychar registration system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive...
Opmantek Open-AudIT SQL Injection Vulnerability
Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A security vulnerability exists in Opmantek Open-AudIT version 3.2.2. An attacker can exploit the vulnerability...