206 matches found
The vulnerability in the virtual learning environment Moodle, related to insufficient sanitization of user data, allows a hacker to execute arbitrary SQL commands.
The vulnerability in the virtual training environment Moodle is related to insufficient sanitization of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially crafted quer...
Exment SQL Injection Vulnerability
Exment is a simple, easy, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and Exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...
Fortinet FortiNAC SQL Injection Vulnerability
Fortinet FortiNAC is a network access control solution from Fortinet, Inc. Fortinet FortiNAC versions 8.3.7 through 9.2.2 are vulnerable to SQL injection, a vulnerability that originates when user-provided data is not sufficiently sanitized and can be exploited to send ad-hoc requests to affected...
The vulnerability of the Apache DolphinScheduler scheduler platform, related to privilege management errors, allows a malicious actor to execute arbitrary SQL queries.
The vulnerability of the Apache DolphinScheduler scheduler platform is related to privilege management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries...
Advantech R-SeeNet SQL Injection Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient sanitization of...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the index.php USERNAME parameter...
DOYO SQL Injection Vulnerability
DOYO doyocms is a PHP-based open source content management system (CMS). A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...
The vulnerability of the central/executar_login.php component of the Mk-Auth authentication software allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the central/executar_login.php component of the Mk-Auth authentication software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database in the target...
AudimexEE SQL Injection Vulnerability
AudimexEE is a system for audit management from Audimex AG, Germany. The system meets complex audit processes around the company's business, supports customization for use and is deployed platform-independently. A SQL injection vulnerability exists in the Documents component of AudimexEE versions...
CVE-2020-15925
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPFXPAR1 parameter...
Gambio GX SQL Injection Vulnerability
Gambio GX is a suite of e-commerce platforms from Gambio Germany. A SQL injection vulnerability exists in the admin/mobile.php file in Gambio GX versions prior to 4.0.1.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An...
The vulnerability of the SiTex-Gosuslu development platform’s component, related to insufficient validation of input data, allows for arbitrary queries to be executed against the database.
The vulnerability of the SiTex development platform’s service component is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary requests to the database using a specially created POST request...
The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to execute arbitrary SQL queries.
The vulnerability in the vManage web interface of the Cisco SD-WAN software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the web interface of the content management software in the Prime Collaboration Provisioning network allows a hacker to execute arbitrary SQL queries.
The vulnerability in the web interface for managing content in the Prime Collaboration Provisioning network involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability
Mitsubishi Electric MC Works64 and MC Works32 are both supervisory control and data acquisition (SCADA) systems from Mitsubishi Electric Japan. A code injection vulnerability exists in Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier versions, and MC Works32 version 3.00A 9.50.255.0...
Easy B2C Mall System d***.php File Arbitrary SQL Statement Execution Vulnerability
Easy B2C mall system is a mall system developed on an open source framework. An arbitrary SQL statement execution vulnerability exists in the d.php file of the Easy B2C mall system. An attacker can exploit the vulnerability to execute arbitrary SQL statements within the file...
CVE-2019-20495
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)...
CVE-2018-14502
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters...
Octeth Oempro SQL Injection Vulnerability
Octeth Oempro is a suite of email marketing software from Octeth USA. An SQL injection vulnerability exists in the 'CampaignID' parameter of Campaign.Get in Octeth Oempro version 4.7. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...