PhpCollab SQL Injection Vulnerability

phpCollab is a set of Web-based project collaboration management software. The software features task assignment, discussions, logs and notifications. A SQL injection vulnerability exists in PhpCollab 2.5.1 and earlier versions. A remote attacker can exploit the vulnerability to execute arbitrary...

Dr.COM APG Anti-Proxy Gateway suffers from SQL Injection Vulnerability

Dr.COM APG Anti-Proxy Gateway Anti-Proxy Gateway is a network behavior analysis and management gateway device designed and developed by Guangzhou Hotspot specifically for broadband shared access management, which mainly provides wired and wireless broadband operators with a real-time control box...

Synology Media Server SQL Injection Vulnerability

Synology Media Server is a set of media server software from Synology. A SQL injection vulnerability exists in Synology Media Server versions prior to 1.7.6-2842 and 1.4-2654. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'ObjectID' parameter...

SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System

UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system SQL injection vulnerability, the vulnerability stems from the program on the function filtering is not rigorous. Attackers can use th...

Advantech WebAccess SQL Injection Vulnerability (CNVD-2018-11441)

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in Advantech WebAcce...

CVE-2018-8914

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...

SQL Injection Vulnerability in YHCMS Version V2.6.5 R20160808

YHCMS is a professional marketing enterprise building system based on PHP+MYSQL as the core development. A SQL injection vulnerability exists in YHCMS version V2.6.5 R20160808. The vulnerability originates from the system's parameter filtering is not rigorous. An attacker can exploit the...

SQL Injection Vulnerability in Nagios XI 5.4.12 and Prior (CNVD-2018-09748)

Nagios is an open source, free network monitoring tool that effectively monitors the status of hosts, switches routers and other network devices, printers, etc. for Windows, Linux and Unix. Nagios XI 5.4.12 and earlier versions suffer from a SQL injection vulnerability that can be exploited by...

SQL Injection Vulnerability in Nagios XI 5.4.12 and Prior Versions

Nagios is an open source, free network monitoring tool that effectively monitors the status of hosts, switches routers and other network devices, printers, etc. for Windows, Linux and Unix. Nagios XI 5.4.12 and earlier versions suffer from a SQL injection vulnerability that can be exploited by...

CVE-2018-9102

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...

Apache Fineract SQL Injection Vulnerability (CNVD-2018-09808)

Apache Fineract is a set of open source digital financial services platform of the U.S. Apache Apache Software Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. An SQL injection vulnerability...

SQL Injection Vulnerability in Duoduocms V8.3_UTF8_20180131 Official Version

DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuoRebate duoduocms V8.3UTF820180131 official version of the existence of SQL injection vulnerability. The vulnerability stems from the system on the parameters of the...

Zoho ManageEngine Desktop Central Database Query Type Restriction Under-Execution Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...

SQL Injection Vulnerability in Website Construction System of Ningxia Hongfeng Network Technology Co.

Ningxia Hongfeng Network Technology Co., Ltd. is Ningxia Yinchuan area specializing in Internet services nature of the enterprise, to provide enterprise website construction, personal website production, 400 telephone for, website revision, website promotion, SEO keyword optimization, e-commerce...

Zhengzhou Yuanchen Culture Communication Co., Ltd. website construction system has SQL injection vulnerabilities

Zhengzhou Yuanchen Culture Communication Co., Ltd. is a high-tech enterprise engaged in the Internet, specializing in providing a full set of e-commerce solutions for many enterprises. There is a SQL injection vulnerability in the website construction system of Zhengzhou Yuanchen Culture...

Xuzhou Xunbang Technology Co., Ltd. website construction system has SQL injection vulnerabilities

Xuzhou Xunbang Technology Co., Ltd. is engaged in enterprise website design and production, shopping mall website production, marketing website production, mobile APP development, WeChat public platform, cell phone / micro-site production, Baidu optimization and promotion, 360 search promotion,...

iScripts eSwap SQL Injection Vulnerability

IScripts eSwap is an item trading program from IScripts Inc. that supports the use of virtual currency or direct item exchange. The program supports the use of virtual currencies to trade or directly exchange items.User Panel is one of the user panels. A SQL injection vulnerability exists in...

Navarino Infinity SQL Injection Vulnerability

Navarino Infinity is a maritime bandwidth management and optimization solution from Navarino Greece. The solution can be used to equip many types of vessels. A SQL injection vulnerability exists in Navarino Infinity version 2.1.7. A remote attacker could exploit the vulnerability to inject SQL...

Anhui Zhishengyuan Information Technology Co., Ltd. website construction system has SQL injection vulnerabilities

Anhui Zhishengyuan Information Technology Co., Ltd. is an e-commerce operator with Internet technology as its core. There is a SQL injection vulnerability in the website construction system of Anhui Zhishengyuan Information Technology Co. An attacker can exploit the vulnerability to obtain...

Foreman SQL Injection Vulnerability

Foreman is a complete lifecycle management tool for physical and virtual servers. A SQL injection vulnerability exists in Foreman versions prior to 1.16.1. The vulnerability arises due to an input validation flaw in the id field in Foreman's dashboard controller. An attacker can exploit the...