Lucene search

12 matches found

ATTACKERKB
added 2026/04/28 1:13 p.m. · 2 views

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

CVSS 8.4 · AI score 5.8 · EPSS 0.00098
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-2771

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.00143
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2015-6359

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.00093
Exploits: 0 · References: 3
CNNVD
added 2025/06/19 12:0 a.m. · 3 views

WeGIA SQL Injection Vulnerability

WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...

CVSS 9.8 · AI score 7.7 · EPSS 0.0025
Exploits: 1 · References: 2
Positive Technologies
added 2024/06/21 12:0 a.m. · 5 views

PT-2024-18927 · Unknown +1 · Divido Payment Extension +1

Name of the Vulnerable Software and Affected Versions: opencart/opencart versions 0.0.0 through 3.0.3.9 Description: An SQL Injection issue was identified in the Divido payment extension for OpenCart. As an anonymous unauthenticated user, if the Divido payment module is installed, it is possible ...

CVSS 8.1 · AI score 8.6 · EPSS 0.66043
Exploits: 2 · References: 15
OSV
added 2024/06/13 3:15 p.m. · 1 views

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 1
CNNVD
added 2020/11/18 12:0 a.m. · 0 views

Cisco IoT Field Network Director SQL Injection Vulnerability

Cisco IoT Field Network Director (IoT-FND) is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. Cisco IoT Field Network Director suffers from a SQL injection vulnerability that results from insufficient input validation of...

CVSS 9 · AI score 6.8 · EPSS 0.01973
Exploits: 0 · References: 3
CNVD
added 2019/11/26 12:0 a.m. · 2 views

IBM Sterling B2B Integrator SQL Injection Vulnerability (CNVD-2019-44534)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A SQL injection vulnerability exists in IBM Sterling B2B...

CVSS 8.8 · AI score 7.8 · EPSS 0.00339
Exploits: 0 · References: 1
myhack58
added 2016/12/22 12:0 a.m. · 226 views

Analysis of remote command execution and cardholder data decryption vulnerabilities in the Oracle property management platform

Recently, I found that the front-desk data management system used by some large business hotels, Oracle Opera, has multiple security vulnerabilities. Hackers can exploit these vulnerabilities to escalate privileges in the hotel booking app and obtain higher user rights; at the same...

CVSS 5 · AI score 0.5 · EPSS 0.0049
Exploits: 0
NVD
added 2015/12/12 11:59 a.m. · 8 views

CVE-2015-6417

Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025...

CVSS 6.5 · AI score 6.2 · EPSS 0.00093
Exploits: 0 · References: 2
Exploit DB
added 2014/12/10 12:0 a.m. · 38 views

Humhub 0.10.0-rc.1 - SQL Injection

Exploit Title: Humhub condition is injected with the otherwise unsanitized $lastEntryId, which can be any SQL injection. Proof of Concept: Performing the following request index.php?r=notification/list/index&from=999 AND CASE WHEN 0x30SELECT substringpassword,1,1 FROM userpassword WHERE id = 1 TH...

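AI score 7
Exploits: 0
seebug.org
added 2014/11/14 12:0 a.m. · 20 views

SQL Injection in a General-Purpose Campus Administration System (Part 2)

Brief description: boom!!! Details: Vendor: 南京苏亚星资讯科技开发有限公司. The vulnerability is at: /SM2005/jiaoshi/InfoSet/Left.asp?id= The id parameter is not filtered, which leads to injection. Directly accessing http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/ returns an unauthorized-access error; viewing the source code lets one assemble the injection link. Baidu keyword: /SM2005. Five cases listed to demonstrate that the issue is generic: http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/Left.asp?id=0 Place: GET Parameter: id Type: stacked...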

AI score 7.5
Exploits: 0