3898 matches found
CVE-2020-24841
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID
Summary: The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the DOCID parameter on the TAktifBankObject operation GetOrder to inject arbitrary SQL statements into...
CVE-2021-26751
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...
SQL injection
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...
Nedi Consulting NeDi SQL Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. A SQL injection vulnerability exists in the Monitoring History function in endpoint /Monitoring-History.php in NeDi 1.9C. An attacker can exploit this vulnerability to access...
SQL Injection Vulnerability in Jinwei Mobile Mall of Hubei Taoma Qianwei Information Technology Co.
Jinwei Mobile Mall is a mall management system for micro-business customers with public numbers. Jinwei Mobile Mall has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
RockOA SQL Injection Vulnerability (CNVD-2021-10484)
RockOA Xinhuo is an open source office OA system. A SQL injection vulnerability exists in RockOA v1.8.7: user input in the wordModel.php parameters is not effectively filtered, so a remote attacker can, by injecting SQL statements, execute the acquisition...
Design/Logic Flaw
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as wel...
SQL injection vulnerability in ne***.php page of website building system of Guangzhou Chuangke Network Technology Co.
Guangzhou Chuangke Network Technology Co., Ltd. is a business service company that provides customers with marketing website construction, network marketing promotion, website hosting operation, website production, website design, website promotion and maintenance, website SEO optimization, WeCha...
SQL injection vulnerability in pr***.php page of website building system of Guangzhou Chuangke Network Technology Co.
Guangzhou Chuangke Network Technology Co., Ltd. is a business service company that provides customers with marketing website construction, network marketing promotion, website hosting operation, website production, website design, website promotion and maintenance, website SEO optimization, WeCha...
SQL injection vulnerability in website builder system ne***.aspx page of Hangzhou Orange Promise Technology Co.
Hangzhou Orange Promise Technology Co., Ltd. is a company specializing in Internet branding and Internet marketing. A SQL injection vulnerability exists in the ne.aspx page of the website building system of Hangzhou Orange Promise Technology Co., Ltd.; attackers can use the vulnerability to obtain sensitive information...
RockOA SQL Injection Vulnerability
RockOA Xinhuo is an open source office OA system. A SQL injection vulnerability exists in RockOA v1.8.7: user input in the wordModel.php parameters is not effectively filtered, so a remote attacker can, by injecting SQL statements, execute the acquisition...
SQL injection vulnerability in pr***.asp page of website building system of Ruian UB Technology Co.
Ruian UB Technology Co., Ltd. provides the public with web design and production, Baidu/Google SEO optimization and promotion, cell phone websites, WeChat public platform, foreign trade monitoring, enterprise mailboxes and other network information consulting services, product albums and catalogs, corporate CD-ROM desig...
SQL injection vulnerability in SeaCMS backend (CNVD-2021-14497)
SeaCMS Ocean CMS is a web content management system based on PHP+MYSQL architecture and supports cross-platform operation. A SQL injection vulnerability exists in the backend of SeaCMS. An attacker can exploit this vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in Sewise On-Demand Server
Sewise on-demand server software is server-side distribution software that provides streaming playback of audio and video files. A SQL injection vulnerability exists in the Sewise on-demand server, which can be exploited by an attacker to obtain sensitive information from the database...
SQL Injection Vulnerabilities in the Website Building System of Shenyang Uno Network Technology Co.
Shenyang Uno Network Technology Co., Ltd. mainly provides website production and host maintenance, domain name registration services and network marketing and promotion programs. There is a SQL injection vulnerability in the website building system of Shenyang Uno Network Technology Co., Ltd.; attackers ca...
Bosch FSM-2500 server and Bosch FSM-5000 server Trust Management Vulnerability
Bosch FSM-2500 and Bosch FSM-5000 are both panel-ready fire control systems from Bosch of Germany. Bosch FSM-2500 and Bosch FSM-5000 suffer from a hard-coded vulnerability that could be exploited by remote attackers to submit special requests to gain unauthorized access to the database system wit...
SQL Injection Vulnerability in UFIDA U8-OA (CNVD-2021-12781)
Founded in 1988, UFIDA is a leading global provider of cloud services and software for enterprises and public organizations. A SQL injection vulnerability exists in UFIDA U8-OA. An attacker can exploit the vulnerability to gain access to sensitive database information...
SQL Injection Vulnerability in Office Fly of Zhejiang Eagle Software Co. Ltd (CNVD-2021-10555)
ZheJiang Eagle Soft Co., LTD was established in November 2004. The company adheres to the "focus, professional" business philosophy, providing information technology solutions and software services for enterprises and administrative institutions. The company adheres to the business philosophy of...