13184 matches found
Sql injection
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jojsoncheck function in jocms/apps/mask/inc/getmask.php...
CVE-2021-37497
SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request...
CVE-2021-36433
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jodeletemask function in jocms/apps/mask/mask.php...
CVE-2021-36434
CVE-2021-36434 affects jocms version 0.8. The vulnerability is a SQL injection in the jo_json_check function located at jocms/apps/mask/inc/getmask.php, allowing remote attackers to run arbitrary SQL commands and view sensitive information. Multiple connected sources corroborate the issue and its...
CVE-2021-36432
CVE-2021-36432 describes an SQL injection in the Jocms CMS (version 0.8) via the function jo_set_mask() in jocms/apps/mask/mask.php . The vulnerability enables remote attackers to execute arbitrary SQL and access sensitive data. Public PoC/exploitation is indicated in the ADP entry (Exploitation:...
CVE-2021-36503
SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...
CVE-2021-36431
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jojsoncheck function in jocms/apps/mask/inc/mask.php...
CVE-2021-36434
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jojsoncheck function in jocms/apps/mask/inc/getmask.php...
CVE-2021-36432
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via josetmask function in jocms/apps/mask/mask.php...
CVE-2021-36431
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jojsoncheck function in jocms/apps/mask/inc/mask.php...
CVE-2021-36484
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page...
CVE-2021-36433
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jodeletemask function in jocms/apps/mask/mask.php...
SQL Injection
CakePHP is vulnerable to SQL Injection attacks. The vulnerability exists in limit and offset functions of Query.php due to unsantized user input which allows an attacker to inject and execute arbitrary SQL queries...
NexusPHP SQL Injection Vulnerability (CNVD-2023-05400)
NexusPHP is a free and open source complete PT site building solution. versions prior to NexusPHP 1.7.33 have a security vulnerability that could be exploited by attackers to allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php...
CVE-2023-22324
SQL injection vulnerability in the CONPROSYS HMI System CHS Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained...
SQL Injection
liftkit/database is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the processOrderBy function in Query.php allows a malicious user to inject and execute arbitrary SQL queries on the target system...
SQL Injection
apersistence is vulnerable to SQL Injection. The vulnerability exists due to a lack of user input validation in mysqlUtils.js, which allows an attacker to inject and execute arbitrary SQL commands...
CVE-2022-46887
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...
Sql injection
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...
CVE-2022-46887
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php...