
313 matches found

NVD
added 2017/07/17 1:18 p.m., 11 views

CVE-2017-1000004

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend...

CVSS 9.8, AI score 9.8, EPSS 0.02075
Exploits: 0, References: 3

Prion
added 2017/07/17 1:18 p.m., 15 views

Sql injection

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend...

CVSS 7.5, AI score 9.7, EPSS 0.02075
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2017/07/13 8:0 p.m., 44 views

CVE-2017-1000004

CVE-2017-1000004 affects ATutor versions 2.2.1 and earlier, with a SQL injection vulnerability across multiple components (Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossa...

CVSS 9.8, AI score 9.7, EPSS 0.02075
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2017/07/13 8:0 p.m., 15 views

CVE-2017-1000004

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend...

AI score 9.8, EPSS 0.02075
Exploits: 0, References: 3

CNVD
added 2017/07/01 12:0 a.m., 3 views

Logical design flaws in mallbuilder e-commerce system

MallBuilder is a multi-user online shopping mall solution based on PHP + MYSQL. A logical design vulnerability exists in the mallbuilder e-commerce system. An attacker can exploit this vulnerability to modify database information...

AI score 6.9
Exploits: 0

CNVD
added 2017/06/23 12:0 a.m., 0 views

Unauthorized operation vulnerability in 74cms frontend

74cms knight cms is a PHP-based open source professional talent system. 74cms has an override access vulnerability. Attackers can use the vulnerability to modify database information...

AI score 6.9
Exploits: 0

CNVD
added 2017/06/20 12:0 a.m., 1 views

Arbitrary File Deletion Vulnerability in the Latest Version of Microgaming

Microspring is a free and open source public number management system developed by Cebu Tao Sheng Network Technology Co. There is an arbitrary file deletion vulnerability in the latest version of Weixing, which can be exploited by an attacker to modify any database information...

AI score 7
Exploits: 0

Veracode
added 2017/06/05 9:3 a.m., 16 views

Unauthorised Modification

moodle is vulnerable to unauthorised modifications. A malicious user can bypass an activity's read-only state by using the student role and modify the database...

CVSS 5.5, AI score 6.1, EPSS 0.0017
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2017/03/07 12:0 a.m., 2 views

GPS Tools Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in the Joomla GPS Tools component. An attacker can exploit the vulnerability t...

AI score 7.9
Exploits: 0, References: 1

Cvelist
added 2017/03/01 9:0 p.m., 21 views

CVE-2016-9993

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

AI score 7.1, EPSS 0.00164
Exploits: 0, References: 1

CNVD
added 2017/02/21 12:0 a.m., 1 views

Joomla djcatalog2 Component SQL Injection Vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla djcatalog2 component. An attacker can exploit the vulnerability to access or modify database data...

AI score 8
Exploits: 0, References: 1

NVD
added 2017/01/23 9:59 p.m., 16 views

CVE-2016-7792

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...

CVSS 8.8, AI score 8.7, EPSS 0.0082
Exploits: 3, References: 2

Prion
added 2017/01/23 9:59 p.m., 12 views

Code injection

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it...

CVSS 8.3, AI score 7.2, EPSS 0.0082
Exploits: 3, References: 2, Affected Software: 1

myhack58
added 2017/01/05 12:0 a.m., 33 views

e107 CMS <= 2.1.2 elevation of privilege vulnerability analysis

0x00 Vulnerability background: e107 CMS is a website content management system based on PHP, Bootstrap and MySQL. It can be used for personal blogs and enterprise sites and is widely used globally. 0x01 Vulnerability affects version: version 0x02 Vulnerability analysis of the environme...

AI score 0.7
Exploits: 0

CNVD
added 2016/12/21 12:0 a.m., 1 views

Cybozu Garoon SQL Injection Vulnerability (CNVD-2016-12886)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A SQL injection vulnerability...

CVSS 8.8, AI score 8, EPSS 0.01207
Exploits: 0, References: 1

Check Point Advisories
added 2016/10/31 12:0 a.m., 7 views

SQL Servers SQL Injection Obfuscation Techniques (CVE-2014-9239; CVE-2020-10546; CVE-2020-10547; CVE-2020-10548; CVE-2020-10549)

Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential informatio...

CVSS 7.5, AI score 4, EPSS 0.93273
Exploits: 5

OSV
added 2016/10/10 10:59 a.m., 1 views

CVE-2016-3914

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open...

CVSS 7.8, AI score 5.8, EPSS 0.00104
Exploits: 0, References: 3

Prion
added 2016/10/10 10:59 a.m., 17 views

Race condition

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open...

CVSS 9.3, AI score 7.1, EPSS 0.00104
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2016/08/22 12:0 a.m., 2 views

Navis WebAccess SQL Injection Vulnerability

Navis WebAccess is a set of Web-based applications from Navis, Inc. that provide cross-endpoint access to transaction data through a Web browser. A SQL injection vulnerability exists in Navis WebAccess, which arises from the program's failure to adequately filter user-submitted input before...

CVSS 9.8, AI score 8, EPSS 0.00271
Exploits: 0, References: 1

CNVD
added 2016/04/27 12:0 a.m., 2 views

PHPBack SQL Injection Vulnerability

PHPBack is an open source web application feedback system that provides users with feedback on issues and suggestions to help improve the site. A SQL injection vulnerability exists in the 'orderby' parameter in PHPBack version 3.0. Attackers can exploit the vulnerability to modify the conten...

AI score 8.1
Exploits: 0, References: 1