SQL injection
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...
openSUSE Security Update : phpMyAdmin (openSUSE-2018-387)
This update for phpMyAdmin to version 4.8.0.1 fixes the following issues: - CVE-2018-10188: Possible execution of arbitrary SQL statements via manipulated URLs (boo#1090309). This version also contains a number of upstream changes, improvements, new functions and bug fixes...
SQL Injection
Dolibarr is vulnerable to SQL injection. The vulnerability exists because it does not properly sanitize the viewstatut and propalstatut (aka searchstatut) parameters in comm/propal/list.php, allowing an authenticated user to inject arbitrary SQL code through them...
Code injection
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE wit...
CVE-2018-9247
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE wit...
GxlcmsQY Arbitrary PHP Code Execution Vulnerability
Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the 'upsql' function in the \Lib\Lib\Action\Admin\DataAction.class.php file in Gxlcms QY version 1.0.0713. A remote attacker can exploit this vulnerability by executing arbitrary SQL statements with the help of...
CVE-2018-8820
An issue was discovered in Square 9 GlobalForms 6.2.x. A time-based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the...
SQL injection
DISPUTED: SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method...
CVE-2014-4959
Technical details about CVE-2014-4959 are not publicly provided in the included documents; no affected products, root cause, impact, or remediation are specified. Monitor for updates.
SQL injection
SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
CVE-2018-8802
SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
SQL injection
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter...
CVE-2014-4928
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter...
SQL injection
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-2652
SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Tuleap 'CVE-2018-7538' SQLi Vulnerability
Tuleap is prone to an SQL injection (SQLi) vulnerability in the tracker functionality.
FineCMS v5.2.0 SQL injection
At line 45 of /finecms/dayrui/controllers/Api.php: template-cron = 0; $GET'page' = max1, int$this-input-get'page'; $params = drstring2arrayurldecode$this-input-get'params'; $params'get' = @jsondecodeurldecode$this-input-get'get', TRUE; $this-template-assign$params; $name = strreplacearray'\', '/', '..',...