3898 matches found
CVE-2019-20495
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming SEC-531...
SQL injection vulnerability in cp_***.php file of website building system of Henan Lisuo Internet Information Technology Co., Ltd.
Henan LISO Internet Information Technology Co., Ltd. is a comprehensive Internet service organization that provides network solutions for enterprises to enhance the value of their Internet marketing. In the cp.php file of the Henan Lishou Internet Information Technology Co., Ltd. website building system there is a SQL...
SeaCMS suffers from SQL injection vulnerability (CNVD-2020-23523)
SeaCMS is a PHP content management system, a site-building tool that adapts to multiple terminal entry points: computer, cell phone, tablet and app. SeaCMS has a SQL injection vulnerability that attackers can use to obtain sensitive database information...
SQL Injection Vulnerability in YIXUNCMS 2.0.4.91SD by EaseUS Software Studio
EaseUS Software is a B/S architecture software application and development team that focuses on website platform and web application system design and development for domestic small and medium-sized business units and institutions at all levels. EaseUS Software Studio YIXUNCMS 2.0.4.91SD...
Heybbs Micro Community v1.2 suffers from SQL injection vulnerability (CNVD-2020-23507)
HEYBBS micro-community is a micro-community program with a front end based on bootstrap+jq+css and a back end developed in php+mysql. Heybbs Micro Community v1.2 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Chianxin Website Defender SQL Injection Rule Bypassing
There are SQL injection rule bypasses in the Chianson Web Defender product, which can be utilized by attackers to bypass its security protection and gain access to sensitive information in the database of the protected website...
SQL injection vulnerability in it***.php file of Jinwei Mobile Mall System
Jinwei mobile mall system is a mall system for micro-business customers with a public number, with a page layout that imitates hand Tao and support for embedded video playback. It supports customized model specifications; the main specifications support attached pictures, and each subdivided model supports inventory control, subdivided...
SQL injection vulnerability in us***.php file of Jinwei Mobile Mall system
Jinwei mobile mall system is a mall system for micro-business customers with a public number, with a page layout that imitates hand Tao and support for embedded video playback. It supports customized model specifications; the main specifications support attached pictures, and each subdivided model supports inventory control, subdivided...
SQL injection vulnerability in ad***_bo***_cl***.php page of XYCMS message board PHP version
XYCMS message board PHP version is PHP message board source code developed with php + MySQL. The software is an ordinary message board and can be widely used on corporate websites and other websites that need a message board. XYCMS message board PHP version adbocl.php page SQL...
SQL Injection Vulnerability in Website Building System of Guangzhou Chuangke Network Technology Co., Ltd.
Guangzhou Chuangke Network Technology Co., Ltd. provides Internet services, including marketing website construction, network marketing and promotion, website hosting operations, website production, website design, website promotion and maintenance, website SEO optimization, WeChat marketing and development, corporate brand marketing...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"
Summary: The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the ID parameter to inject arbitrary SQL statements into the underlying prepared statement. This leads ...
WP Advanced Search < 3.3.4 - Unauthenticated Database Access and Remote Code Execution (RCE)
Arbitrary database queries can be executed in an unauthenticated context of the "WP-Advanced-Search Plugin". E.g. a new administrative account could be added to the WordPress instance, a malicious plugin deployed and therefore Remote Code Execution (RCE) would be possible in the end. PoC: Updat...
SQL injection vulnerability in im***.asp page of Ebay website building system of Jinan Dotchuang Network Technology Co., Ltd.
Jinan Dotchuang Network Technology Co., Ltd. is committed to providing governments, enterprises, and network providers with high-tech network application solutions, small and medium-sized office software development and customization, system platform development and its value-added services. There is a SQL injection vulnerability in th...
SQL Injection Vulnerability in Jinwei Smart Restaurant
Jinwei Intelligent Restaurant is a free restaurant management software, easy and convenient to operate, suitable for all kinds of large and small restaurants, as well as fast food, Chinese food, western food, hot pot restaurant and other kinds of catering business. Jinwei Smart Restaurant suffers...
SQL Injection Vulnerability in the Most Earthly Group Buying System
The most earth group-buying system is the most professional and powerful free open source group-buying system platform in the GroupOn mode. The most earth group-buying system has a SQL injection vulnerability that an attacker can exploit to obtain sensitive information in the database...
CVE-2019-19607
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the databas...
SQL Injection Vulnerability in Jinwei Mobile Mall System
Jinwei Mobile Mall System is a mall management system for micro-business customers with public numbers. A SQL injection vulnerability exists in Jinwei Mobile Mall System, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Jinwei Mobile Mall System (CNVD-2020-22753)
Jinwei Mobile Mall System is a mall management system for micro-business customers with public numbers. A SQL injection vulnerability exists in Jinwei Mobile Mall System, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Jinwei Supermarket Cashiering System
Jinwei Supermarket Cashier System is a code-sweeping cashier tool designed for small and medium-sized supermarkets and community convenience stores. SQL injection vulnerability exists in Jinwei Supermarket Cashier System, which can be exploited by attackers to obtain sensitive information from th...