13184 matches found
CVE-2017-11678
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...
Subrion CMS SQL Injection Vulnerability (CNVD-2017-18105)
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A SQL injection vulnerability exists in the /front/search.php file in Subrion CMS versions prior to...
SQL Injection
Subrion is vulnerable to SQL Injection attacks. The library does not check user input passed through the $_GET parameter in /front/search.php, allowing a malicious user to inject and execute arbitrary SQL...
Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23897)
Fiyo CMS is a content management system (CMS) for creating CMS templates. A SQL injection vulnerability exists in the dapur/apps/appcomment/controller/commentstatus.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands with the help of...
CVE-2017-1000031
SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid and graphtemplateid parameters...
SQL Injection
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service"...
CVE-2017-6698
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More...
ThinkPHP5 PDO Authenticity Preprocessing suffers from SQL Injection Vulnerability
ThinkPHP V5.0 is a high-performance framework designed for API development. A SQL injection vulnerability exists in ThinkPHP5 PDO authenticity preprocessing. The vulnerability is caused by controlling the value position of the in statement, i.e. by passing in an array, leading to a SQL injection...
http-vuln-cve2017-8917 NSE Script
An SQL Injection vulnerability affecting Joomla! 3.7.x before 3.7.1 allows for unauthenticated users to execute arbitrary SQL commands. This vulnerability was caused by a new component, comfields, which was introduced in version 3.7. This component is publicly accessible, which means this can be...
SQL Injection
SQL injection vulnerability in CInfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element...
SQL Injection
Moodle is vulnerable to SQL injection attacks. The library does not sanitize form data, allowing a malicious user to inject and execute arbitrary SQL...
CVE-2015-9098
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an...
Cisco Prime Infrastructure SQL Injection Vulnerability (cisco-sa-20170621-piepnm2)
A vulnerability in the Cisco Prime Infrastructure (PI) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries.
CVE-2016-7508
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding...
nuevoMailer version 6.0 and earlier time-based SQL Injection
Description: SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. PoC: https://vulnerablesite.com/inc/rdr.php?r=69387c602c1056c556time based SQL INJ...
CVE-2017-9730
CVE-2017-9730 affects nuevoMailer 6.0 and earlier, where the vulnerability is a SQL injection in rdr.php via the r parameter. The root cause is unsanitized input leading to remote code execution of arbitrary SQL commands. Multiple connected sources confirm the same description and indicate a time...
nuevoMailer 6.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and earlier Tested on: Linux...
WordPress WP Jobs Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports personal blog sites set up on PHP and MySQL servers. The WP Jobs plugin is one of its post management plugins. A SQL injection vulnerability exists in WordPress WP Jobs plug...
SQL Injection
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...
SQL Injection
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...