Treehugger External Link System suffers from SQL Injection Vulnerability

Tree Hole external chain system is a free open source PHP external chain network disk system , support for a variety of storage methods , multi-user system . Tree Hole external link system in shudong\views\userFiles file in the existence of SQL injection vulnerability , due to the failure of the...

Redgate SQL Monitor Arbitrary SQL Command Execution Vulnerability

Redgate SQL Monitor is a SQL Server monitor that monitors and analyzes database and task operations in real time and generates PDF documents. A security vulnerability exists in Redgate SQL Monitor, which can be exploited by a local attacker to submit a special request, gain access to Base Monitor...

SQL Injection Vulnerability in addr_edite Method of ShopSn V2.0 Mall System

ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd, an enterprise-class commercial standard full-featured allow free commercial use of the open source online store full network system. A SQL injection vulnerability exists in the userid parameter in the addredite method o...

CVE-2017-1347

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462...

nuevoMailer 'r' Parameter SQL Injection Vulnerability

nuevoMailer is an email marketing software that can be used to manage mailing lists and track autoresponders. A SQL injection vulnerability exists in nuevoMailer 6.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'r'...

Two SQL Injection Vulnerabilities in Axublog Blog System

axublog is a PHP personal blog system. Two SQL injection vulnerabilities exist in Axublog blog system. An attacker can exploit the vulnerabilities to obtain database information...

OV3 Online Administration SQL Injection Vulnerability

OV3 Online Administration is an online administration platform. An SQL injection vulnerability exists in OV3 Online Administration. The vulnerability is caused due to input passed via multiple GET and POST parameters including the User-Agent HTTP header not being properly filtered before being...

eCom Cart SQL Injection Vulnerability

A SQL injection vulnerability exists in eCom Cart. The vulnerability allows attackers to obtain sensitive information about the database...

Shenzhen Sodo technology enterprise station CMS SQL injection vulnerability

Shenzhen Sodo Technology enterprise station CMS is a specialized product for enterprise station building. SQL injection vulnerability exists in Shenzhen Sodo Technology Enterprise Station Building CMS. Attackers can use this vulnerability to obtain database information...

Schneider Electric U.motion Builder track_import_export remote code execution vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder trackimportexport. When the export operation is selected in an applet call, the underlying SQLite database query requires SQL injection of the...

Schneider Electric U.motion Builder SOAP Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder SOAP. The system allows SOAP requests to execute arbitrary SQL commands. An attacker could exploit the vulnerability to execute arbitrary...

Openbravo Business Suite SQL Injection Vulnerability

Openbravo Business Suite is a management and business process optimization solution from Openbravo Spain. A SQL injection vulnerability exists in Openbravo Business Suite version 3.0. A remote attacker can exploit this vulnerability to inject arbitrary SQL code...

WordPress Multi Feed Reader Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on PHP and MySQL servers.Multi Feed Reader is one of the components used to create RSS feed templates. A SQL injection vulnerability exists in Mult...

SQL Injection Vulnerability in Message Board Module of State Micro CMS Government Website System

SMi CMS Government Website System is a website system for governments, schools and groups. There is a SQL injection vulnerability in the message board module of SMiCMS government website system. Due to insufficient filtering of parameters, attackers can exploit the vulnerability to execute...

Flash cms /wap has multiple SQL Injection Vulnerabilities

Flash Flash cms is a flash website system developed by Zibo Flash Network Technology Co. Flash cms has a SQL injection vulnerability. The vulnerability stems from the program's failure to filter user-submitted data, which can be exploited by attackers to obtain sensitive database information...

NetApp OnCommand Unified Manager Core Package SQL Injection Vulnerability

NetApp OnCommand Unified Manager Core Package is an OnCommand series of management software from American NetApp. A SQL injection vulnerability exists in NetApp OnCommand Unified Manager Core Package. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

finecms has a csrf vulnerability

FineCMS is a content management system based on PHP+MySql. A CSRF vulnerability exists in the finecms backend form for executing SQL, which can be exploited by attackers to trick administrators into clicking on a malicious link to execute SQL statements and write a webshell to gain server...

INFOR EAM SQL Injection Vulnerability

Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. An SQL...

Apple macOS Sierra SQLite SQL Query Memory Corruption Vulnerability

Apple macOS is a set of operating systems that run on Apple's Macintosh line of computers. A memory corruption vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special WEB page and trick the user into parsing it to execute...

Apple macOS Sierra SQLite SQL Query Arbitrary Code Execution Vulnerability

Apple macOS is an operating system that runs on Apple's Macintosh line of computers. An arbitrary code execution vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special SQL query and execute arbitrary code...