3898 matches found
SQL injection vulnerability in the ad***.php page of YXcmsApp 1.4.7 (CNVD-2019-05336)
YXcmsApp is a PHP- and MySQL-based content management system (CMS) for building enterprise websites. A SQL injection vulnerability exists in the ad***.php page of YXcmsApp 1.4.7, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2019-5720
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter...
CVE-2019-5720
CVE-2019-5720 affects FrontAccounting 2.4.6. The vulnerability is a SQL Injection in includes/db/class.reflines_db.inc, exploitable via the reference field using the void_transaction.php?filterType parameter, potentially allowing an attacker to extract the entire database. Connected sources (RH, ...
Xi'an Bailian website builder system has SQL injection vulnerability
Xi'an BaiLian Network Technology Co., Ltd. is the first technology company specializing in bearing industry management software development and bearing industry portal design. Xi'an BaiLian website building system has a SQL injection vulnerability, which can be exploited by attackers to obtain...
SQL Injection Vulnerability in Vansco's Website Builder System
Ltd. is an Internet service company integrating website construction, software development, website planning, graphic design, software development, website operation, space domain name service and other Internet basic services. There is a SQL injection vulnerability in Visco's website building...
Changsha Sailian Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
There is a SQL injection vulnerability in the website building system of Changsha Sailian Network Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
CVE-2018-1000890
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application...
CVE-2018-1000630
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete...
SQL Injection Vulnerability in File System Profile Frontend ge***.aspx Page
The filing system Profile is in-house employee management software. A SQL injection vulnerability exists in the front-end ge***.aspx page of File System Profile, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in PHPSHE B2C Mall System v1.7 ca***.php
PHPSHE B2C mall system is an online shopping mall system. The system supports express tracking, online chat, order evaluation and statistics. PHPSHE B2C Mall System v1.7 ca***.php has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Purchase Frontend pr***.aspx Page of Purchase System
Purchase is a purchasing management system whose features include product requisitioning, warehousing, inventory counts, data reports and more. A SQL injection vulnerability exists in the front-end pr***.aspx page of Purchase, which can be exploited by attackers to obtain sensitive...
WeBid SQL Injection Vulnerability (CNVD-2019-43415)
WeBid is an open source solution for building auction sites. A SQL injection vulnerability exists in the yourauctions.php script in WeBid 1.2.2 and earlier versions. A remote attacker can exploit this vulnerability by sending an HTTP request to read the database...
SQL Injection Vulnerability in zzzphp sa***.php File
zzzphp is a free website building system developed using PHP. A SQL injection vulnerability exists in the zzzphp sa***.php file. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Zoho ManageEngine OpManager SQL Injection Vulnerability (CNVD-2018-26464)
ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software from ZOHO. A SQL injection vulnerability exists in the Alarms section of ZOHO ManageEngine OpManager prior to version 12.3 build 123239. A remote attacker can exploit this vulnerability to execute...
Shanghai Haitian Information Campus Informatization Platform suffers from SQL Injection Vulnerability
Shanghai Haitian Information System Engineering Co., Ltd. is a company dedicated to business research, product development, application consulting, project implementation, customer service, and industry alliance of management application software in the field of education and school. A SQL...
SQL Injection Vulnerability in Enzong Technology's Website Building System
Tianjin EnZhong Technology Development Co., Ltd. is a network application service operator and a top Internet industry solution company in China. There is a SQL injection vulnerability in EnZone's website building system, which can be exploited by attackers to obtain sensitive information from th...
CVE-2018-15719
Open Dental before version 18.4 ships with a MySQL database and uses default credentials of root with a blank password, enabling anyone on the network with access to the server to access all database information. Remediate by upgrading to version 18.4 or later (details in provided sources).
Code injection
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has...
DOUPHP has a file upload vulnerability
DouPHP is a lightweight enterprise website management system based on a PHP+MySQL architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. DOUPHP suffers from a file upload vulnerability. The vulnerability is caused by the website upload function failing to...
CVE-2018-0468
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...