13183 matches found

CNVD
added 2018/03/13 12:0 a.m., 3 views

Enalean Tuleap SQL Injection Vulnerability (CNVD-2018-06466)

Enalean Tuleap software engineering platform is an open source software development and project management platform from Enalean, France. The platform provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration and other...

9.8 CVSS, 8.6 AI score, 0.04462 EPSS
Exploits 6, References 1
NVD
added 2018/03/12 9:29 p.m., 20 views

CVE-2018-7538

A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands...

9.8 CVSS, 9.8 AI score, 0.04462 EPSS
Exploits 6, References 4
Metasploit
added 2018/03/12 12:0 p.m., 67 views

TYPO3 News Module SQL Injection

This module exploits a SQL injection vulnerability in TYPO3 NewsController.php in the news module 5.3.2 and earlier. It allows an unauthenticated user to execute arbitrary SQL commands via vectors involving overwriteDemand and OrderByAllowed. The SQL injection can be used to obtain password hashe...

9.8 CVSS, 9.4 AI score, 0.48429 EPSS
Exploits 3
CNVD
added 2018/03/05 12:0 a.m., 2 views

ClipBucket SQL Injection Vulnerability (CNVD-2018-04993)

ClipBucket is an open source video sharing software developed by Arslan team. The software allows you to share videos to video sites and supports the lights off effect when watching a movie. A SQL injection vulnerability exists in versions prior to ClipBucket 4.0.0 Release 4902. A remote attacker...

9.8 CVSS, 8.5 AI score, 0.01355 EPSS
Exploits 1, References 1
Prion
added 2018/02/26 1:29 p.m., 10 views

Sql injection

SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

7.5 CVSS, 9.8 AI score, 0.01278 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added 2018/02/26 1:29 p.m., 16 views

CVE-2018-7463

SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

9.8 CVSS, 9.9 AI score, 0.01278 EPSS
Exploits 0, References 1
Cvelist
added 2018/02/26 1:0 p.m., 12 views

CVE-2018-7463

SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

9.9 AI score, 0.01278 EPSS
Exploits 0, References 1
CVE
added 2018/02/26 1:0 p.m., 34 views

CVE-2018-7463

CVE-2018-7463 concerns ASANHAMAYESH CMS 3.4.6. The vulnerability lies in the files.php within the files component, where a remote attacker can inject SQL via the id parameter, potentially allowing arbitrary SQL execution. Multiple sources (NVD/NVDC CNVD entry) confirm the affected product and the...

9.8 CVSS, 9.8 AI score, 0.01278 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added 2018/02/22 4:29 p.m., 15 views

CVE-2017-18194

SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter...

9.8 CVSS, 9.9 AI score, 0.01476 EPSS
Exploits 1, References 2
CVE
added 2018/02/22 4:0 p.m., 51 views

CVE-2017-18194

HamayeshNegar CMS is affected in its signup component (users/signup.php). The vulnerability is a SQL injection caused by the utype parameter, allowing a remote attacker to execute arbitrary SQL commands. The exploitation details are not provided in the documents; no patch or remediation steps are...

9.8 CVSS, 9.8 AI score, 0.01476 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2018/02/21 4:0 p.m., 17 views

CVE-2015-5725

SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable...

9.8 AI score, 0.02403 EPSS
Exploits 0, References 4
Prion
added 2018/02/19 9:29 p.m., 11 views

Sql injection

SQL injection vulnerability in the "Content Types Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTSTRUCTUREdirection parameter...

6.5 CVSS, 8.6 AI score, 0.01307 EPSS
Exploits 3, References 1, Affected Software 1
OSV
added 2018/02/19 9:29 p.m., 21 views

CVE-2016-10008

SQL injection vulnerability in the "Content Types Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTSTRUCTUREdirection parameter...

7.2 CVSS, 7.5 AI score, 0.01307 EPSS
Exploits 3, References 1
NVD
added 2018/02/19 9:29 p.m., 24 views

CVE-2016-10008

SQL injection vulnerability in the "Content Types Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTSTRUCTUREdirection parameter...

7.2 CVSS, 7.3 AI score, 0.01307 EPSS
Exploits 2, References 1
NVD
added 2018/02/19 9:29 p.m., 31 views

CVE-2016-10007

SQL injection vulnerability in the "Marketing Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTFORMHANDLERorderBy parameter...

7.2 CVSS, 7.3 AI score, 0.01307 EPSS
Exploits 2, References 1
Cvelist
added 2018/02/19 9:0 p.m., 27 views

CVE-2016-10008

SQL injection vulnerability in the "Content Types Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTSTRUCTUREdirection parameter...

7.3 AI score, 0.01307 EPSS
Exploits 2, References 1
0day.today
added 2018/02/17 12:0 a.m., 45 views

Joomla Google Map Landkarten 4.2.3 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component Google Map Landkarten = 4.2.3 - SQL Injection Vendor Homepage: http://www.joomla-24.de/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/...

7.5 CVSS, 9.7 AI score, 0.24423 EPSS
Exploits 5
Exploit DB
added 2018/02/16 12:0 a.m., 64 views

Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection

Exploit Title: Joomla! Component Google Map Landkarten = 4.2.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomla-24.de/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/ Software Download:...

9.8 CVSS, 9.8 AI score, 0.24423 EPSS
Exploits 5
NVD
added 2018/02/07 2:29 a.m., 16 views

CVE-2018-6792

Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...

8.8 CVSS, 9.3 AI score, 0.01107 EPSS
Exploits 0, References 1
Prion
added 2018/02/07 2:29 a.m., 14 views

Sql injection

Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...

6.5 CVSS, 9.2 AI score, 0.01107 EPSS
Exploits 0, References 1, Affected Software 1