CVE-2018-6792
Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are jidt118, jidt120, jidt122, jidt124, jidt126, jidt128, and...
Joomla com_visualcalendar Component SQL Injection (CVE-2018-6395)
An SQL injection vulnerability exists in Joomla com_visualcalendar Component. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
User Control - Unauthenticated SQL Injection
The User Control plugin has a vulnerability that allows every unauthenticated website visitor to perform arbitrary SQL queries...
PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Version: PACSOne Server 6.6.2 Exploit Author: Carlos Avila Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone...
SQL injection
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...
CVE-2017-17999
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...
WordPress YITH WooCommerce Wishlist Plugin SQL Injection
An SQL injection vulnerability has been reported in WordPress YITH WooCommerce Wishlist Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
SQL injection
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) seasonid parameter to themes/flixer/ajax/loadseason.php; the (3) movieid parameter to themes/flixer/ajax/getrating.php; the (4) rating or (5) movie...
CVE-2017-17970
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) seasonid parameter to themes/flixer/ajax/loadseason.php; the (3) movieid parameter to themes/flixer/ajax/getrating.php; the (4) rating or (5) movie...
CVE-2017-7997
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) showprn parameter to webapp/users/prnow.jsp or showmonth parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp...
SQL injection
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username...
CVE-2014-5071
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username...
CVE-2017-5971
SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands...
Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01347)
Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'reorder' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'name' parameter...
Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01350)
Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'find_by' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'name' parameter...
SQL injection
DISPUTED SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...
CVE-2017-17919
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...
CVE-2017-17920
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...