iCMS SQL Injection Vulnerability (CNVD-2018-14361)

iCMS is a content management system CMS built with PHP and MySQL databases. A SQL injection vulnerability exists in the spider.admincp.php file in iCMS version 7.0.8. A remote attacker can exploit this vulnerability by sending an app=spider&do=batch request with the 'id' parameter to the...

Quick Chat SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Quick Chat plugin is used in one of the online chat plugin. A SQL injection vulnerability exists in WordPress Quic...

PvPGN Stats SQL Injection Vulnerability

PvPGN Stats is a PHP-based tool that supports the integration of websites with the PvPGN game server, displaying server status, ladder pages, and more. A SQL injection vulnerability exists in the ladder/stats.php file in PvPGN Stats version 2.4.6, which stems from the program not filtering databa...

SQL Injection Vulnerability in hdcmsv1.2 System

HDCMS is a content management system package written in PHP , the database using Mysql. to provide powerful , complete functionality to complete the rapid development of the site . HDCMS system version 1.2 SQL injection vulnerability, remote attackers can exploit the vulnerability to obtain...

Shipping System CMS SQL Injection Vulnerability

Shipping System CMS is a shipping management system. Shipping System CMS suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary SQL statements...

CVE-2017-18287

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST usersearch parameter...

Novell SUSE Studio Onsite and SUSE Studio Onsite Appliance SQL Injection Vulnerability

Novell SUSE Studio Onsite and SUSE Studio Onsite Appliance are both U.S. Novell Web applications for building and testing software applications in a Web browser. A SQL injection vulnerability exists in the list of software available in Novell SUSE Studio Onsite versions prior to 1.0.3-0.18.1 and...

portfolioCMS SQL Injection Vulnerability

portfolioCMS is a content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in portfolioCMS version 1.0.5. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'preview' parameter...

SQL Injection Vulnerability in Website Building System of Guangdong Shunde Deyun Network Technology Co.

Guangdong Shunde Deyun Network Technology Co., Ltd. is a marketing company relying on the Internet, focusing on practical Internet planning and in-depth marketing. There is a SQL injection vulnerability in the website building system of Guangdong Shunde Deyun Network Technology Co. Attackers can...

Joomla! User Bench SQL Injection Vulnerability

Joomla! is an open source Content Management System CMS that offers RSS feeds, site search, etc. User Bench is one of those simple components that allows you to list your team details. An SQL injection vulnerability exists in Joomla! An attacker could use this vulnerability to corrupt the...

Dingwei iPower CMS has multiple vulnerabilities

Dingwei iPower CMS is a website system developed by Chongqing Dingwei Network Technology Co. Dingwei iPower CMS exists SQL injection, XSS cross-site scripting vulnerabilities, the background management system also exists user guessing, ultra-rights access and other vulnerabilities, attackers can...

SQL Injection Vulnerability in Guangzhou Lianya Network Technology Co.

Guangzhou Lianya Network Technology Co., Ltd. is a technology-based network company. A SQL injection vulnerability exists in the website building system of Guangzhou Lianya Network Technology Co. An attacker can exploit the vulnerability to obtain sensitive information from the database...

OpenDaylight Controller SQL Injection Vulnerability

Opendaylight, a project of the Linux Foundation in the United States, is a community-driven open source software-defined networking framework that contains an ensemble of modules capable of performing networking tasks that need to be done quickly.Controller is one of the controllers. An SQL...

Quest KACE System Management Appliance SQL Injection Vulnerability

Quest KACE System Management Appliance is an IT asset management appliance from Quest Software, USA. A SQL injection vulnerability exists in the '/common/runreport.php' script in version 8.0.318 of the Quest KACE System Management Appliance, which stems from the program not filtering incoming...

Pixelpost SQL Injection Vulnerability

Pixelpost is a suite of extensible open source photo-sharing applications with multi-language support. A SQL injection vulnerability exists in Pixelpost 1.7.3 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

SQL Injection Vulnerability in Hainan Creative Media pc Website Building System

Hainan Creative Future Culture Media Co., Ltd. is engaged in brand one-stop service e-commerce advertising consulting services media enterprises. We design complete solutions for users and provide the best advertising support services. A SQL injection vulnerability exists in the pc website builde...

CVE-2018-11535

An issue was discovered in SITEMAKIN SLAC Site Login and Access Control v1.0. The parameter "myitemsearch" in users.php is exploitable using SQL injection...

E-Sic SQL Injection Vulnerability (CNVD-2018-10474)

E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit this vulnerability by sending the 'f' parameter to the esiclivre/restrito/inc/buscacep.php file to execute arbitrary SQL commands...

SQL Injection Vulnerability in SMiCMS Government Website System v201803224 Version

State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. State Micro CMS government website system v201803224 version of the existence of SQL injection vulnerability , attackers can exploit the...

iScripts eSwap 'ToId' Parameter SQL Injection Vulnerability

iScripts eSwap is a set of item trading software. The software supports trading with virtual currencies or directly exchanging items. A SQL injection vulnerability exists in iScripts eSwap version 2.4. A remote attacker can use the 'ToId' parameter to view, add, modify, or delete information in t...