Grandstream UCM6200 SQL Injection Vulnerability (CNVD-2020-23201)
The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. An SQL injection vulnerability exists in the HTTP interface of the Grandstream UCM6200 versions prior to 1.0.19.20 and 1.0.20.17, which can be exploited by an attacker to execute shell commands...
SQL Injection Vulnerability in Shanghai Enterprise Torch Advertising Media Co. Ltd.
Shanghai Enterprise Torch Advertising Media Co. Ltd. is committed to providing all kinds of enterprises and institutions with network domain name registration, web hosting rental, website construction and maintenance, website promotion and publicity, website revision and translation, enterprise post office, network payment, system integration,...
U-Mail mail server software suffers from SQL injection vulnerability (CNVD-2020-26499)
U-Mail mail server software is a domestic first-tier brand that provides lifetime free upgrades to the mail system, including data upgrades to the mail system, antivirus engine, and anti-spam engine. U-Mail mail server software has an SQL injection vulnerability; attackers can use the...
SQL Injection Vulnerability in Hospital Purchasing and Supply Collaboration Platform of Beijing Zhicheng Yuyuan Technology Co.
The hospital procurement and supply collaboration platform is a real-name procurement and supply collaboration service platform for medical institutions and supplier enterprises in the distribution chain of the pharmaceutical and equipment supply chain. There is a SQL injection vulnerability in t...
SQL Injection Vulnerability in YUZHIGUO CMS sh***.asp Page
YUZHIGUO CMS is a content management system written in ASP and using UTF-8 encoding. A SQL injection vulnerability exists in the YUZHIGUO CMS sh***.asp page, which can be exploited by an attacker to obtain sensitive information from the database...
Cisco SD-WAN Solution vManage Command Injection Vulnerability
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. vManage is a network management system. A command injection vulnerability exists in the Web UI in Cisco SD-WAN Solution vManage Release prior to 19.2.2, which stems from the Web UI failing to properly validate SQL values. A...
NETSAS Enigma NMS Information Disclosure Vulnerability
NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS version 65.0.0 and prior versions, which originates from the program not encrypting data stored in the SQL database. An attacker can exploit the...
PT-2020-2125 · Cisco · Cisco SD-WAN Solution vManage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Solution vManage software (affected versions not specified). Description: The issue is related to a lack of protection against SQL query structure attacks in the vManage web interface of Cisco SD-WAN. This could allow a remote...
LogicalDoc SQL Injection Vulnerability
LogicalDOC is a document management system developed using Java technology. The system has Lucene full-text search indexing, automatic import and other functions. A SQL injection vulnerability exists in LogicalDoc versions prior to 8.3.3. The vulnerability stems from a lack of validati...
SuiteCRM SQL Injection Vulnerability (CNVD-2020-18564)
SuiteCRM is a free open source customer relationship management application. SuiteCRM suffers from an SQL injection vulnerability. No vulnerability details are provided at this time...
ShopsN open source mall system v3.0.0 sh*** parameter SQL injection vulnerability
ShopsN open source mall system is a product of Shanghai Yisu Network Technology Co. Ltd. ShopsN open source mall system v3.0.0 has an SQL injection vulnerability in the sh*** parameter; attackers can use the vulnerability to obtain sensitive database information...
Sapplica Sentrifugo SQL Blind Injection Vulnerability
Sentrifugo is an intuitive and easy to use open source human resource management software. Sapplica Sentrifugo 3.2 suffers from an SQL blind injection vulnerability. An attacker can exploit this vulnerability to read sensitive information from a database used by the application via the...
SQL injection vulnerability in the backend of XYCMS message board PHP version
XYCMS message board PHP version is message board source code developed with PHP + MySQL. The software is an ordinary message board and can be widely used on corporate websites and other websites that need a message board. In the backend of XYCMS message board PHP version there ar...
SQL Injection Vulnerability in Jinwei Mobile Mall System or***.php File
Jinwei mobile mall system is a mall system for micro-business customers with an official account, with a page layout imitating Mobile Taobao and support for embedded video playback. It supports customized model specifications; the main specifications support attached pictures, each subdivided model supports inventory control, subdivided...
ABB eSOMS SQL Injection Vulnerability
ABB eSOMS is a plant operations management system from ABB Switzerland. A SQL injection vulnerability exists in ABB eSOMS 6.0.3 and prior versions. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this...
SQL injection vulnerability in us***.php file of Jinwei Mobile Mall system
Jinwei mobile mall system is a mall system for micro-business customers with an official account, with a page layout imitating Mobile Taobao and support for embedded video playback. It supports customized model specifications; the main specifications support attached pictures, each subdivided model supports inventory control, subdivided...
SQL injection vulnerability in the us***.cl***.php file of YIXUNCMS enterprise website builder system
YIXUNCMS enterprise website construction system is a display website system developed by Yixun Software Studio for small and medium-sized enterprises. There is a SQL injection vulnerability in the us***.cl***.php file of YIXUNCMS enterprise website builder system. Attackers can use the...
Yubico YubiKey Validation Server SQL Injection Vulnerability (CNVD-2020-16073)
Yubico YubiKey Validation Server is an authentication server from the Swedish company Yubico. A SQL injection vulnerability exists in YubiKey Validation Server versions prior to 2.40. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
TestLink SQL Injection Vulnerability (CNVD-2020-16091)
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in TestLink 1.9.19 and earlier versions. The vulnerability stems from a lack of validation of externally entered SQL statements in...
SQL Injection Vulnerability in Shipping 100 System co***.php Page
Shipping 100 System is a virtual goods autoship system / pay-to-read article system. A SQL injection vulnerability exists in the co***.php page of the Shipping 100 system, which can be exploited by attackers to obtain sensitive information from the database...