SQL Injection Vulnerability in ZZCMS Backend dl_se***l.php File
zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the dlsel.php file in the backend of ZZCMS, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in in***.cl***.php page of the background of e-commerce system of Hunan One Eight Network Technology Co.
Laike e-commerce is an e-commerce system with independent copyright that integrates all the functions of the platform. A SQL injection vulnerability exists in the in.cl.php page of the backend of the Laike Push e-commerce system from Hunan One Eight Network Technology Co., Ltd.; the attacker can use the vulnerability t...
CVE-2020-11592
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database...
CVE-2020-11545
CVE-2020-11545 affects Project Worlds Official Car Rental System 1, where multiple SQL injection flaws exist in PHP/MySQL components (e.g., account.php, login.php, book_car.php). The described impact is database data exposure (dump of MySQL data) and bypass of login authentication. Root cause ind...
Zomato: [www.zomato.com] Blind SQL Injection in /php/geto2banner
Hi Team! Our team discovered a Blind SQL Injection by Abusing LocalParams resid in /php/geto2banner. We are working to create a full PDF Report as a WriteUp; here is a Temporal Exploit based on the Vulnerable request: POST /php/geto2banner HTTP/1.1 Host: www.zomato.com Connection: close...
Nextcloud: user can bypass password enforcement when federated sharing is enabled
If the admin forces password for link shares and federated shares are enabled, users can bypass this enforcement. Tested with Nextcloud 18.0.3. Steps to reproduce: - enable password enforcement for link shares as admin - as user1 create a link share with password - open the link share in a separat...
ForU CMS suffers from SQL injection vulnerability (CNVD-2020-25783)
ForU CMS is an open source website management system. ForU CMS suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information about a database...
SQL Injection Vulnerability in Qingdao Huishang Media Co.
Qingdao Hui Shang Media Co., Ltd, is an operator focusing on providing enterprises with services such as online marketing, brand design, micro-marketing, and software customization and development. There is a SQL injection vulnerability in the website system of Qingdao Hui Shang Media Co., Ltd,...
Shenzhen Point Search Technology Co., Ltd. website building system has SQL injection vulnerabilities
Shenzhen Point Search Technology Co., Ltd. is an "Internet + lawyers + private customization" service provider, specializing in providing lawyers with domain name registration, website construction, optimization and promotion, website hosting and maintenance, media release, full network marketing and...
SQL Injection Vulnerability in DSMall
DSMall is a comprehensive mall platform system. DSMall suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Heybbs us***.php Page
Heybbs micro-community is a micro-community program with a front end based on bootstrap + jq + css and a back end developed in PHP + MySQL. The Heybbs us.php page suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Jinan Cabbage Network Technology Co.
Jinan Cabbage Network Technology Co., Ltd. was founded in 2014; its business includes website construction, domain name registration, web hosting, web design, program customization and development, technology outsourcing, WAP mobile site construction, WeChat and small program custom development,...
SQL Injection Vulnerability in Shanghai Enterprise Torch Advertising Media Co.
Ltd. is committed to providing all kinds of enterprises and institutions with network domain name registration, web hosting rental, website construction and maintenance, website promotion and publicity, website revision and translation, enterprise post office, network payment, system integration,...
U-Mail mail server software suffers from SQL injection vulnerability (CNVD-2020-26500)
U-Mail mail server software is a domestic first-tier brand that really provides lifetime free upgrades of the mail system, including data upgrades of the mail system, antivirus engine, anti-spam engine, etc. U-Mail mail server software is the first-tier brand that really provides lifetime free...
Chaozhou Weipai Network Technology Co., Ltd. website builder system pro****.php has SQL injection vulnerability
Chaozhou Weipai Network Technology Co., Ltd. focuses on micro-platform planning and development, leveraging the WeChat public platform and open platform to build customized micro-platforms that combine display, interaction, sharing, promotion and sales. Chaozhou City Weipai Network Technology Co., Ltd...
SQL injection vulnerability in ne**.php of website building system of Chaozhou Weipai Network Technology Co.
Chaozhou Weipai Network Technology Co., Ltd. focuses on micro-platform planning and development, leveraging the WeChat public platform and open platform to build customized micro-platforms that combine display, interaction, sharing, promotion and sales. Chaozhou City Weipai Network Technology Co., Ltd...
SQL injection vulnerability in the bi***.cl***.php file of UQCMS Cloud Business System
UQCMS cloud business system is B2B2C e-commerce software written in PHP + MySQL, with Smarty templates and a separated front end and back end. A SQL injection vulnerability exists in the bi.cl.php file of the UQCMS cloud business system; an attacker can use the vulnerability to obtain database...
CVE-2019-12122
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected...
CVE-2020-3922
LisoMail, by ArmorX, allows SQL injection; attackers can access the database without authentication via URL parameter manipulation...