403 matches found
ZZCMS SQL注入漏洞
ZZCMS is a content management system CMS by the ZZCMS team in China. zzCMS version 2019 is vulnerable to SQL injection, which stems from the lack of single quotes in the id parameter of /admin/dlsendsms.php. No detailed vulnerability details are currently available...
CVE-2022-29664
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/plsave...
CVE-2022-29680
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zudel...
CVE-2022-29684
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...
CVE-2022-29663
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy...
CVE-2022-29666
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...
CVE-2022-29666
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...
Jfinal CMS SQL注入漏洞
Jfinal CMS is a powerful information consulting website developed by java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter of /admin.php/pic/admin/type/hy against...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability, which originates from the id parameter in /admin.php/User/levelsort that lacks validation of externally...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability, which originates from the id parameter in /admin.php/singer/admin/lists/zhuan that lacks validation of...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing validation of the id parameter in /admin.php/Label/jsdel for external input...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter of /admin.php/pic/admin/type/save for...
Online Sports Complex Booking System SQL注入漏洞
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. Online Sports Complex Booking System version 1.0 is vulnerable to a SQL injection vulnerability that originates in /scbs/admin/ categories/viewcategory.php?id=, an attacker can execute...
CVE-2022-28439
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4...
CVE-2022-28438
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=...
CVE-2022-28437
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3...
CVE-2022-28434
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2...
CVE-2022-28010
Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtimedelete.php...
CVE-2022-27476
A cross-site scripting XSS vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter...