757 matches found
OpenAsset Digital Asset Management SQL Injection Vulnerability
Openasset is a digital asset management software for the website building industry from Openasset UK. OpenAsset Digital Asset Management suffers from a SQL injection vulnerability that originates from a blind remote SQL injection via authentication, which can be exploited by an attacker to gain...
SQL Injection Vulnerability in Kaixin Worklog System worklog
Kaixin Worklog Worklog system is a software system based on B/S to build the collaborative office within the enterprise. The system uses ASP.NET language development. Worklog system worklog star SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive information...
Siemens XHQ SQL Injection Vulnerability
Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...
CVE-2020-29284
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...
SQL injection vulnerability in ad***.cl***.php file in the backend of MTCEO repository system
MTCEO library system using php + mysql, built by thinkphp underlying , Baidu library template style for the basic style . MTCEO library system background ad.cl.php file SQL injection vulnerability. Attackers can use the vulnerability to obtain database sensitive information...
SQL Injection Vulnerability in JfinalOA
JfinalOA is a set of open source office OA system development framework. JfinalOA SQL injection vulnerability , an attacker can exploit the vulnerability to obtain sensitive database information...
CVE-2020-8887
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php aka the server login page...
ZZCMS 2020 Frontend SQL Injection Vulnerability
ZZCMS is a content management system for Webmaster Merchants. A SQL injection vulnerability exists in the ZZCMS 2020 frontend, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-14068
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executarlogin.php...
SQL Injection Vulnerability in the Frontend of waychar Enrollment System
Waychar Enrollment System is a PHP/MYSQL based enrollment system. A SQL injection vulnerability exists in the frontend of waychar enrollment system. An attacker can exploit this vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in BEESCMS Backend ad***_bo***.php Page
BEESCMS is a scalable content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in the adbo.php page in the BEESCMS backend. An attacker can exploit the vulnerability to obtain sensitive database information...
PT-2020-17812 · Unknown · Ultralog Express
Name of the Vulnerable Software and Affected Versions: UltraLog Express affected versions not specified Description: The issue concerns the UltraLog Express device management interface, which fails to properly filter user-inputted strings in specific parameters. This allows attackers to inject...
Kodak Multimedia Recording and Playback System has SQL Injection Vulnerability
Ltd. is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and video application solutions to help various government and enterprise customers to solve visual communication and management challenges. A SQL injection vulnerability exists in...
Simplejobscript.com SJS SQL Injection Vulnerability
Simplejobscript.com SJS is a WEB based recruitment application service program. A SQL injection vulnerability exists in Simplejobscript.com SJS, which stems from a lack of validation of externally entered SQL statements in database-based applications and can be exploited by an attacker to execute...
SQL Injection Vulnerability in MediPro's Township Government Portal System
MediPro Township Government Portal System is a website suitable for township government agencies to create local portals to publicize local resources, realize open government affairs and promote township grassroots informatization. A SQL injection vulnerability exists in MediPro Township Governme...
Online TV Database SQL Injection Vulnerability
Online TV Database is a set of online TV program database. A SQL injection vulnerability exists in the 'ID' parameter in Online TV Database version 2011. The vulnerability stems from a database-based application that lacks validation of externally entered SQL statements. An attacker can exploit...
SQL Injection Vulnerability in the Background Administration C***t.asp Page of Angel School Training Website System
Angel school training website system is an open source website management system. Angel school training website system background management Ct.asp page there is a SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive information in the database...
PowerSoft Agile Development Framework 7.0.6 suffers from SQL Injection Vulnerability
PowerSoft Agile Development Framework is a set of software system projects based on intelligent scalable components, suitable for enterprise management software and Internet platform back-end system development, the framework provides a perfect permissions role management functions, rapid...
SQL Injection Vulnerability in Laike E-commerce System (CNVD-2020-01258)
Laike e-commerce with independent copyright system, is an integrated e-commerce system all the functions of the platform. A SQL injection vulnerability exists in Laike E-commerce system, which can be exploited by attackers to access sensitive database information...
SQL injection vulnerability in seacms backend (CNVD-2019-43675)
Ocean CMS seacms is a video-on-demand system based on PHP+MySql technology. There is a SQL injection vulnerability in the backend of seacms, which can be exploited by attackers to obtain sensitive database information...