1131 matches found

CNVD
added 2021/12/19 12:00 a.m. | 13 views

ZZCMS SQL Injection Vulnerability (CNVD-2021-101691)

ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS is vulnerable to SQL injection in 2021, which stems from a lack of validation of external input SQL statements in the askbigclassid parameter of /admin/ask.php in the application. An attacker could use this vulnerability ...

9.8 CVSS | 3.6 AI score | 0.00441 EPSS
Exploits: 0 | References: 1
CNNVD
added 2021/12/03 12:00 a.m. | 4 views

TuziCMS SQL Injection Vulnerability

TuziCMS Rabbit CMS is a PHP and MySQL based enterprise website content management system. SQL injection vulnerability exists in TuziCMS version v2.0.6, which originates from the id parameter in AppManageControllerAdvertController.class.php, and can be exploited by attackers to vulnerability can b...

9.8 CVSS | 5.9 AI score | 0.00264 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/11/30 12:00 a.m. | 3 views

Open Solutions For Education openSIS SQL Injection Vulnerability

openSIS is an open source student information management system from Open Solutions for Education. openSIS is vulnerable to a SQL injection vulnerability that originates in /opensis/modules/grades/InputFinalGrades.php due to a lack of validation of external input SQL statements. An...

9.8 CVSS | 6.1 AI score | 0.00905 EPSS
Exploits: 1 | References: 1
CNVD
added 2021/11/21 12:00 a.m. | 20 views

Sourcecodester Online Learning System SQL Injection Vulnerability

Sourcecodester Online Learning System is an online e-learning system based on PHP and MySQL. Sourcecodester Online Learning System has a SQL injection vulnerability in v2.0, which stems from the application's lack of validation of external input SQL statements. An attacker can use this...

9.8 CVSS | 2.9 AI score | 0.03818 EPSS
Exploits: 4 | References: 1
CNVD
added 2021/11/10 12:00 a.m. | 19 views

PHP Event Calendar Lite Edition is vulnerable to SQL injection

PHP Event Calendar is an open source AJAX-based multi-user modern event calendar. It is easy to integrate and fully customizable. PHP Event Calendar Lite Edition is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to obtain sensitive database data...

10 CVSS | 4.4 AI score | 0.00754 EPSS
Exploits: 3 | References: 1
CNVD
added 2021/11/10 12:00 a.m. | 24 views

WordPress Post Content XMLRPC plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Post Content XMLRPC plugin, which stems from the plugin'...

7.2 CVSS | 7.3 AI score | 0.00972 EPSS
Exploits: 2 | References: 1
CNVD
added 2021/11/04 12:00 a.m. | 19 views

YouPHPTube catName parameter SQL injection vulnerability

YouPHPTube is a PHP-based video website system. YouPHPTube is vulnerable to SQL injection in version 10.0 and earlier, which stems from the lack of validation of external input SQL statements for the catName parameter. An attacker could use this vulnerability to execute illegal SQL commands to...

7.5 CVSS | 4.9 AI score | 0.0083 EPSS
Exploits: 1 | References: 1
CNVD
added 2021/10/28 12:00 a.m. | 17 views

WordPress Mangboard plugin SQL injection vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. WordPress Mangboard plugin has a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in order parameters, and can be used by attackers to...

7.5 CVSS | 4.6 AI score | 0.00854 EPSS
Exploits: 0 | References: 1
CNVD
added 2021/09/12 12:00 a.m. | 16 views

FUEL CMS SQL Injection Vulnerability (CNVD-2021-74294)

FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. FUEL CMS in version 1.5.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter col in the software's /FUEL/index.php/FUEL/logs/items for externally-inputted SQL...

9.8 CVSS | 10 AI score | 0.01231 EPSS
Exploits: 1 | References: 1
CNVD
added 2021/09/08 12:00 a.m. | 11 views

Simple Water Refilling Station Management System SQL Injection Vulnerability

Simple Water Refilling Station Management System is a simple water refilling station management system. A SQL injection vulnerability exists in the v1.0 version of Simple Water Refilling Station Management System, which originates from the application WaterRefilling/classes/Login.php, the userna...

9.8 CVSS | 2.5 AI score | 0.00502 EPSS
Exploits: 1 | References: 1
CNNVD
added 2021/08/24 12:00 a.m. | 3 views

EARCLINK ESPCMS SQL Injection Vulnerability

Honghu Erchuang Netlink Information Technology EARCLINK ESPCMS is an enterprise website building system from China's Honghu Erchuang Netlink Information Technology Company. A SQL injection vulnerability exists in the espcmsweb/Search.php component of EARCLINK ESPCMS-P8, which can be exploited by...

7.5 CVSS | 7.4 AI score | 0.0006 EPSS
Exploits: 0 | References: 4
OSV
added 2021/08/09 11:15 p.m. | 1 view

CVE-2020-23149

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...

7.5 CVSS | 7.2 AI score
Exploits: 0 | References: 1
OSV
added 2021/08/09 11:15 p.m. | 1 view

CVE-2020-23150

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CNNVD
added 2021/08/06 12:00 a.m. | 3 views

jeecg SQL Injection Vulnerability

Jeecg-Boot is a code generator-based intelligent development platform. jeecg-boot CMS version 2.3 of /jeecg boot/sys/dict/loadtreedata is vulnerable to SQL injection, which can be exploited by attackers to access sensitive database information...

7.5 CVSS | 5.8 AI score | 0.00707 EPSS
Exploits: 1 | References: 1
OSV
added 2021/06/22 3:15 p.m. | 3 views

CVE-2020-22174

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information...

7.5 CVSS | 5.8 AI score | 0.01984 EPSS
Exploits: 1 | References: 1
OSV
added 2021/06/22 3:15 p.m. | 3 views

CVE-2020-22169

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information...

7.5 CVSS | 7.2 AI score
Exploits: 0 | References: 1
OSV
added 2021/06/22 3:15 p.m. | 2 views

CVE-2020-22165

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information...

7.5 CVSS | 5.8 AI score | 0.36561 EPSS
Exploits: 1 | References: 1
OSV
added 2021/06/17 12:15 p.m. | 1 view

CVE-2021-32582

An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses...

7.5 CVSS | 7.1 AI score | 0.00418 EPSS
Exploits: 0 | References: 3
CNNVD
added 2021/06/14 12:00 a.m. | 1 view

Weseek GROWI Injection Vulnerability

Weseek GROWI is a suite of team collaboration software from Weseek Japan. An input validation error vulnerability exists in WESEEK GROWI that arises from a network system or product that does not properly validate input data. A remote attacker could exploit this vulnerability to obtain or tamper...

9.1 CVSS | 5.7 AI score | 0.00645 EPSS
Exploits: 0 | References: 3
CNVD
added 2021/03/24 12:00 a.m. | 3 views

SQL Injection Vulnerability in Ke361 Backend Ca***.cl***.php

Ke361 is an open source Taobao system developed on the latest ThinkPHP3.2 version to provide a more convenient and secure web application development experience. The Taobao system adopts a new architectural design and namespace mechanism, the integration of modular, driven and...

7.7 AI score
Exploits: 0