48 matches found
Campcodes Complete Web-Based School Management System 安全漏洞
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the name...
crmeb_java 安全漏洞
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in versions prior to crmebjava v1.3.4, which stems from the presence of a SQL injection vulnerability that allows an attacker to run arbitrary SQL...
PT-2024-22491 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the admin id parameter in "update-admin.php". This can potentially lead to unauthorized access and manipulation of database...
PT-2024-20066 · Gambio · Gambio
Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...
CVE-2021-36503
SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...
The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.
The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...
Exment SQL注入漏洞
Exment is simple, easy, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...
Fortinet FortiNAC SQL注入漏洞
Fortinet FortiNAC is a network access control solution from Fortinet, Inc. Fortinet FortiNAC versions 8.3.7 through 9.2.2 are vulnerable to SQL injection, a vulnerability that originates when user-provided data is not sufficiently cleaned and can be exploited to send ad-hoc requests to affected...
DOYO SQL注入漏洞
DOYO doyocms is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...
AudimexEE SQL Injection Vulnerability
AudimexEE is a system for audit management from Audimex AG, Germany. The system meets complex audit processes around the company's business, supports customization for use and is deployed platform-independently. A SQL injection vulnerability exists in the Documents component of AudimexEE versions...
Gambio GX SQL Injection Vulnerability
Gambio GX is a suite of e-commerce platforms from Gambio Germany. A SQL injection vulnerability exists in the admin/mobile.php file in Gambio GX versions prior to 4.0.1.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An...
Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability
The Mitsubishi Electric MC Works64 and MC Works32 are both data acquisition and monitoring systems SCADA from Mitsubishi Electric Japan. A code injection vulnerability exists in Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier versions, and MC Works32 version 3.00A 9.50.255.0...
Octeth Oempro SQL Injection Vulnerability
Octeth Oempro is a suite of email marketing software from Octeth USA. An SQL injection vulnerability exists in the 'CampaignID' parameter of Campaign.Get in Octeth Oempro version 4.7. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
WordPress gallery-photo-gallery plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. gallery-photo-gallery is a responsive gallery plugin used in it. A SQL injection vulnerability exists in the WordPress...
Library CMS SQL Injection Vulnerability
Library CMS is a management system for corporate and personal use. Library CMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...
WordPress SQL Injection Vulnerability (CNVD-2017-34851)
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress WPDB SQL injection vulnerability can be exploited by an attacker to execute arbitrary SQL commands due to...
Wordpress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the Wordpress plugin image-gallery-with-slideshow. A remote attacker can exploit the...
Ideagen Easysite SQL Injection Vulnerability
Ideagen Easysite is a web content management system from Ideagen UK. A SQL injection vulnerability exists in the CInfoService.asmx file of WebServices in Ideagen Easysite version 7.0. The vulnerability can be exploited by remote attackers to execute arbitrary SQL commands via a specially crafted...
WordPress Photo Gallery by WD - Responsive Photo Gallery SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Photo Gallery by WD - Responsive Photo Gallery is one of the image management plugin. A SQL injection vulnerabilit...
CVE-2016-6453
A vulnerability in the web framework code of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.30.876...