SQL Injection Vulnerability in Office Fly of Zhejiang Eagle Software Co. Ltd (CNVD-2021-10553)
ZheJiang Eagle Soft Co., LTD was established in November 2004. The company adheres to a "focus, professional" business philosophy and provides information technology solutions and software services to enterprises and administrative institutions. The company adheres to the business philosophy of...
SQL Injection Vulnerability in ZDNT's Customer Resource Management System (CNVD-2021-10558)
ZDNT Customer Resource Management System is software that provides foreign trade management, foreign trade customer management and other functions. There is a SQL injection vulnerability in ZJUENT Customer Resource Management System, which can be exploited by attackers to obtain sensitive informati...
Vulnerabilities fixed in Cisco Unified Communications
Cisco has fixed multiple vulnerabilities in several Unified Communications products. An authenticated remote attacker can exploit the vulnerabilities to gain access to data on the underlying file system or in the underlying database. This includes hashed passwords stored in this database...
CVE-2021-22850
The HGiga EIP product has ineffective access control in certain pages, which allows attackers to access the database or perform privileged functions...
SQL Injection Vulnerability in T_Pr***.aspx Page of KTO's Fully Intelligent Parking Video Charging System
Xiamen Corto Communication Technology Co., Ltd Corto Parking is a professional intelligent parking value operator, providing intelligent parking services to customers. A SQL injection vulnerability exists in the TPr.aspx page of KETOP's fully intelligent parking video charging system. Attackers c...
HGiga EIP Access Control Error Vulnerability
HGiga EIP is a product of China Hengji Hgiga Corporation. An Access Control Error vulnerability exists in the HGiga EIP product, which stems from ineffective access control on certain pages and can be exploited by an attacker to access a database or perform privileged functions...
PT-2021-15223 · Hgiga Eip · Hgiga Eip
Name of the Vulnerable Software and Affected Versions: HGiga EIP product (affected versions not specified). Description: The issue is related to ineffective access control in certain pages of the HGiga EIP product, allowing attackers to access the database or perform privileged functions...
SQL Injection Vulnerability in Dongsheng Logistics Software (CNVD-2021-11043)
Qingdao Dongsheng Weiye Software Co., Ltd. was founded in November 2004. The company's main business has expanded into three major segments: logistics consulting, logistics information platform and logistics software. A SQL injection vulnerability exists in Dongsheng Logistics Software, which...
SQL Injection Vulnerability in Kuaipu-M6 Integration Management Platform System of Xiamen Crypto Information Technology Company Limited (CNVD-2021-09667)
Kuaipu-M6 integrated management platform system is integrated management and business application software for small and medium-sized enterprises, developed by Xiamen Kuaipu Information Technology Co., Ltd., which has accumulated nearly 15 years of IT operation history and IT management consulting...
CVE-2020-29493
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorize...
SQL Injection Vulnerability in Website Building System of Hangzhou Lebang Technology Company Limited (CNVD-2021-05505)
Hangzhou Lebang Technology Co., Ltd. provides Internet solutions for corporate brands. A SQL injection vulnerability exists in the website building system of Hangzhou Lebang Technology Co. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in yycms Movie & TV System V2.3 Admin Catalog yy***_km***.php
yycms is a movie and television system. A SQL injection vulnerability exists in yykm.php in the admin directory of yycms film and television system V2.3. An attacker can use the vulnerability to obtain sensitive database information...
PT-2021-14536 · Unknown · Bw Database Interface
Name of the Vulnerable Software and Affected Versions: BW Database Interface (affected versions not specified). Description: The issue is related to the BW Database Interface not performing necessary authorization checks for an authenticated user. This results in an escalation of privileges, allowin...
SQL injection
UNSUPPORTED WHEN ASSIGNED: EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form, such as /req_password_user.php?email=. This allows an attacker to steal data in the database and obtain access to the application. The...
CVE-2021-3118
EVOLUCARE ECSIMAGING (aka ECS Imaging) is vulnerable up to version 6.21.5 due to multiple SQL Injection flaws in the login form and the password-forgotten form (e.g., /req_password_user.php?email=). The database component runs as root, enabling data theft and potential full access to the application...
Xiamen Eltong Network Technology Co., Ltd. website building system SQL injection vulnerability
Xiamen Eltong Network Technology Co., Ltd. was founded on April 13, 2005. Its scope of business includes computer network technology services, computer application software sales and development, etc. Xiamen Eltong Network Technology Co., Ltd. website building system has a SQL injection...
ZZCMS suffers from SQL injection vulnerability (CNVD-2021-03377)
ZZCMS is a content management system. ZZCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Taicang Suyi Information Technology Co.
The business scope of Taicang Suyi Information Technology Co., Ltd. includes: network engineering, webpage production, computer network technology development, software and hardware development, electronic technology research and development, graphic design and production. There is a SQL injectio...
Crimson Critical Function Missing Authentication Vulnerability
Crimson is programming software from Red Lion. Crimson suffers from a missing-authentication vulnerability in critical functions. An attacker could exploit this vulnerability to read and modify databases without authentication in the default configuration...
SQL Injection Vulnerability in Douxin Us***.cl***.php File
Douxin is an open source framework focused on the development of WeChat. A SQL injection vulnerability exists in the Douxin Us.cl.php file. An attacker can exploit the vulnerability to obtain sensitive database information...