Multiple SQL Injection Vulnerabilities in Fiyo CMS

Fiyo CMS is small business phone service and mobile collaboration tool. Fiyo CMS has multiple SQL injection vulnerabilities. The vulnerabilities can be exploited by an attacker to gain access to sensitive database information...

Comsenz SupeSite CMS SQL Injection Vulnerability

Comsenz SupeSite 7.0 CMS is a content management system developed by Comsenz. Comsenz SupeSite 7.0 CMS "batch.common.php" fails to properly filter user-submitted inputs for the "name" parameter, allowing remote attackers to submit specially crafted SQL queries to manipulate or obtain database dat...

WordPress SEO by Yoast SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.WordPress SEO by Yoast is an SEO plugin for wordpress. WordPress SEO by Yoast fails to properly filter user-submitt...

SQL Injection Vulnerability in Ticketmaster ERP Management System of Shanghai Shengdai Information Technology Co.

Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...

SIPhone Enterprise PBX SQL Injection Vulnerability

SIPhone Enterprise PBX is an enterprise switch product. A SQL injection vulnerability exists in SIPhone Enterprise PBX. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via a username...

Multiple SQL Injection Vulnerabilities in ZeroCMS

ZeroCMS is a simple content management system, built with PHP and MySQL. ZeroCMS suffers from multiple SQL injection vulnerabilities due to the program failing to properly filter user-supplied input. An attacker is allowed to exploit this vulnerability to access or modify data, or to exploit a...

PT-2023-25556 · Monetdb +1 · Monetdb Server +1

Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the list append component allows attackers to cause a Denial of Service DoS via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, update to a...

PT-2023-25553 · Monetdb +1 · Monetdb Server +1

Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the sql trans copy key component allows attackers to cause a Denial of Service DoS via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, upda...

CFME: REST API SQL Injection

It was found that CloudForms 4 exposed SQL filters via the REST API without any input escaping. An authenticated user could use this flaw to perform SQL injection attacks against the CloudForms Management Engine database...

WordPress Plugin Cdnvote SQL Injection Vulnerability

WordPress is a use of PHP language development of blogging platform , users can support PHP and MySQL database server set up their own weblog . cdnvote is a WordPress plugin to create a voting module . WordPress plugin Cdnvote has a SQL injection vulnerability. A remote attacker can exploit this...

WordPress Social Slider Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Social Slider is a social sharing button display plugin. Social Slider plugin suffers from a SQL injection vulnerability that allows remo...

HumHub SQL Injection Vulnerability

HumHub is a flexible, open source social networking system developed in PHP. HumHub 0.10.0-rc.1 and earlier versions suffer from a SQL injection vulnerability that allows remote authenticated users to execute arbitrary SQL commands...

PMB SQL Injection Vulnerability

PMB is a WEB-based application. The PMB catalog.php script fails to properly filter the id parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

Osclass 'alert' Parameter SQL Injection Vulnerability

OSClass is a PHP MySQL based development , used to create and manage classified ads website open source system . The Osclass 'alert' parameter suffers from a SQL injection vulnerability because it fails to adequately filter user-supplied data before using it in a SQL query. Allows an attacker to...

mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC...

CVE-2014-2081

Multiple SQL injection vulnerabilities in the login in webreports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter...

UBUNTU-CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

UBUNTU-CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...

DEBIAN-CVE-2014-2708

Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the 1 graphstart, 2 graphend, 3 graphheight, 4 graphwidth, 5 graphnolegend, 6 printsource, 7 localgraphid, or 8 rraid parameter...

UBUNTU-CVE-2014-2708

Multiple SQL injection vulnerabilities in graphxport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the 1 graphstart, 2 graphend, 3 graphheight, 4 graphwidth, 5 graphnolegend, 6 printsource, 7 localgraphid, or 8 rraid parameter...