3898 matches found
GHSA-67F6-C8MX-4Q2M Uncontrolled Resource Consumption in JPA Server in HAPI FHIR
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...
CVE-2021-33894
In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and 2021.x before 2021.0.1 (13.0.1), a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in th...
CVE-2021-33894
MOVEit Transfer contains a SQL injection vulnerability in SILUtility.vb within MOVEit.DMZ.WebApp affecting multiple release lines (2019.x, 2020.x, 2021.x up to 2021.0.1). An authenticated attacker could access the database, and depending on the engine (MySQL, Microsoft SQL Server, or Azure SQL) p...
Progress Software MOVEit Transfer SQL Injection Vulnerability
Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A security vulnerability exists in MOVEit Transfer that allows an authenticated attacker to gain unauthorized access to a database...
CVE-2020-24862
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases...
Sourcecodester Medical Store Point SQL Injection Vulnerability
Sourcecodester Medical Store Point is an open source Sourcecodester application, a pharmacy/medical store point-of-sale (POS) system. Pharmacy Medical Store and Sale Point suffers from a SQL injection vulnerability that originates from a blind time-based SQL injection attack performed on the Medical...
Fangfa FDCMS SQL Injection Vulnerability
FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A SQL injection vulnerability exists in FDCMS version 4.0. An attacker can use this vulnerability to inject malicious SQL via Admin/Lib/Action/FloginAction.class.php to obtain database records...
SQL Injection Vulnerability in SEACMS (CNVD-2021-41711)
SEACMS is a video-on-demand system designed for webmasters with different needs. SEACMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Advantech iView² suffers from SQL injection vulnerability
iView² is a network element management system based on SNMP configuration and management of B+B SmartWorx chassis and module products. It is a web application whose main functional programs are located on a web server and can be accessed by all users via a web browser. An SQL injection vulnerabili...
Shandong Juheng Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Shandong Juheng Network Technology Co., Ltd. is a leading domestic digital platform service provider. The Shandong Juheng Network Technology Co., Ltd. website building system has a SQL injection vulnerability that attackers can use to obtain sensitive database information...
BEESCMS suffers from SQL injection vulnerability (CNVD-2021-40206)
BEESCMS is built on PHP and MySQL, featuring a multi-language system and easy expansion of content modules. BEESCMS has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in Ruiyi Education Cloud Teaching Analysis System
Ruiyi Education Technology Co., Ltd. offers the Ruiyi intelligent teaching overall solution, integrating the self-developed Ruiyi cloud teaching system, cloud resource library system, and cloud question bank system. There is a SQL injection vulnerability in Ruiyi Education Cloud Teaching Analysis System,...
SQL Injection Vulnerability in SEMCMS Shop Backend (CNVD-2021-40213)
SEMCMS Shop is a self-developed open source online store btc system. A SQL injection vulnerability exists in the SEMCMS Shop backend. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in Shipping 100 Autoship System
Shipping 100 is a virtual goods autoship system and pay-to-read article system. A SQL injection vulnerability exists in the Shipping 100 Autoship System. An attacker can exploit the vulnerability to obtain sensitive information from the database...
CVE-2021-31827
In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server...
SQL Injection Vulnerability in SEMCMS SCSHOP (CNVD-2021-38027)
SCSHOP is a self-developed open source online store btc system. SEMCMS SCSHOP suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Station Helpers CMS suffers from SQL injection vulnerability (CNVD-2021-37351)
Station Helpers CMS is a CMS open source system dedicated to creating a full-featured ... Station Helpers CMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Lansing Sky Human Resource Management System
Ltd. focuses on human resources management software research, development and solutions for high-tech enterprises. The Lanxin Tianji human resources management system has a SQL injection vulnerability that an attacker can use to obtain sensitive information in the database...