Red Lion Controls Crimson Access Control Error Vulnerability
Crimson is programming software from Red Lion. Crimson suffers from a missing-authentication vulnerability in critical functions. An attacker could exploit this vulnerability to read and modify databases without authentication in the default configuration...
SQL Injection Vulnerability in Website Building System of Shenzhen Armed Network Technology Development Co.
The business scope of Shenzhen at hand network technology development limited company includes computer databases and computer system analysis, computer technical services, business e-commerce and so on. The company's website building system has a SQL injection vulnerability; attackers can use the vulnerability t...
PT-2020-17384 · Bigprof · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System versions prior to 2.9. Description: The issue is related to an unauthenticated SQL Injection in the /membership passwordReset.php endpoint, which is used for self-service password resets. An attacker can send a...
SQL Injection Vulnerability in the Frontend of Food Ordering Management System of Guangzhou Guowan Electronic Technology Co., Ltd.
The ordering system is a local area network ordering system, mainly applicable to small and medium-sized enterprises, institutions, hospitals, schools and other organizations that need to order food. Guangzhou Guowan Electronic Technology Co., Ltd. ordering management system in...
ABB Symphony Plus Operations and ABB Symphony Plus Historian SQL Injection Vulnerabilities
ABB Symphony Plus Operations and ABB Symphony Plus Historian are both products of ABB Switzerland. ABB Symphony Plus Operations is a management device used in industrial environments to improve operational efficiency. The device provides an easy-to-use human-machine interface that seamlessly...
SQL Injection Vulnerability in Kingdee Collaboration Office Platform (CNVD-2020-75010)
The business scope of Kingdee Software China Co., Ltd. includes the production, development and operation of computer hardware and software, technical training and information consulting services. A SQL injection vulnerability exists in the Kingdee Collaborative Office Platform, which can be exploited by an...
Ornose15 NewPK SQL Injection Vulnerability
Ornose15 Newpk is a PHP-based blog management platform from the individual developers at Ornose15. A SQL injection vulnerability exists in NewPK version 1.1. The vulnerability stems from the title parameter in adminnewpost.php not effectively filtering user input; attackers can use this...
osquery Command Injection Vulnerability
osquery is a SQL-driven framework for operating system detection, monitoring and analysis. A command injection vulnerability exists in osquery versions prior to 4.6.0, which stems from the fact that by using additional predicates in sqlite, a person with osquery administrative access can read and...
Ornose15 Newpk SQL Injection Vulnerability
Ornose15 Newpk is a PHP-based blog management platform from the individual developers at Ornose15. A SQL injection vulnerability exists in NewPK version 1.1. The vulnerability stems from the title parameter in adminnewpost.php not effectively filtering user input; attackers can use this...
SQL Injection Vulnerability in Website Building System of Yuanqi Technology (Beijing) Co., Ltd.
The company was founded in May 2014 and is committed to becoming a "private cloud-based service provider of a new generation of enterprise information management system". A SQL injection vulnerability exists in the website building system of Yuanqi Technology Beijing Co., Ltd, which can be exploited by...
SQL Injection Vulnerability in Xinhuo OA Office System (CNVD-2020-73398)
Xinhu OA office system is an open source online office system. SQL injection vulnerability exists in Xinhuo OA Office System. An attacker can exploit the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in the Comprehensive Management Platform of Beijing Zhongcheng Kexin Technology Development Co. Ltd (CNVD-2020-70797)
Beijing Zhongcheng Kexin Technology Development Co., Ltd. is a service provider covering the whole travel industry chain. A SQL injection vulnerability exists in the integrated management platform of Beijing Zhongcheng Kexin Technology Development Co. An attacker can exploit this vulnerability to obtain...
The vulnerability of the REST API interface of the Cisco IoT Field Network Director software, which allows a hacker to access the internal database of the vulnerable device.
The vulnerability of the REST API interface of the Cisco IoT Field Network Director software management tool is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the internal database of th...
ZZCMS suffers from SQL injection vulnerability (CNVD-2020-70597)
ZZCMS is a content management system. A SQL injection vulnerability exists in the frontend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Golden Shop Worry Free Intelligent Shop Management System
Shenzhen to soft information technology limited company is committed to the research and development of the gold store worry-free jewelry snack store management software series, to meet the needs of various types of jewelry retail store management software. Worry-free intelligent store management system SQL...
Jinan Yuxia Information Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2020-71666)
Jinan Yuxia Information Technology Co., Ltd. takes Internet products and related services as its main direction, and combines website construction and network promotion, IDC business, software development, server hosting, telecommunications value-added services and other integrated service...
Automattic: SQL Injection Union Based
Summary: Hello, I have found a SQL Injection Union Based on https://intensedebate.com/commenthistory/$YourSiteId The $YourSiteId in the URL is vulnerable to SQL Injection. Steps to reproduce: 1. Logging into https://intensedebate.com 2. After create your own site on...
SQL Injection Vulnerability in MetInfo Backend of Changsha Mito Information Technology Co., Ltd.
MetInfo is an open source, free CMS building system suitable for enterprise website building. The MetInfo backend from Changsha Mito Information Technology Co., Ltd. has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-27662
CVE-2020-27662 affects GLPI with an Insecure Direct Object Reference (IDOR) in ajax/comments.php, allowing reading data from arbitrary tables (e.g., glpi_tickets, glpi_users) in versions prior to 9.5.3. The CVSS data lists a moderate base impact (C/L) with network access and low privileges requir...
SQL Injection Vulnerability in the Backend of Arsenal CMS (CNVD-2020-70791)
Jingxun CMS is a website construction and management system independently developed by Taizhou Jingxun Information Technology Co. A SQL injection vulnerability exists in the back-end of the CMS. An attacker can exploit the vulnerability to obtain sensitive information from the database...