CVE-2017-11693
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial...
A vulnerability in the IBM Maximo Asset Management enterprise asset management software allows an attacker to view, modify, add, or delete information in the internal database.
The vulnerability in the IBM Maximo Asset Management software stems from a failure to protect the structure of SQL queries. Exploiting this vulnerability allows a malicious actor to remotely access, view, modify, add, or delete information from the internal...
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilize...
MEDHOST Connex Hard-Coded Credentials
Overview: MEDHOST Connex for all versions contains hard-coded credentials that are used for customer database access. This is a new vulnerability not related to CVE-2016-4328. Description: MEDHOST Connex contains hard-coded credentials that are used for customer database...
SQL Injection Vulnerability in PHPSHE B2C Mall System order.php Parameters
The PHPSHE mall system combines product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with an online shopping mall construction program. A SQL injection vulnerability exists in the...
SQL Injection Vulnerability in Hdwiki 6.0 Frontend
HDwiki is a free, open source wiki building system launched by interactive online Beijing Technology Co., Ltd. A SQL injection vulnerability exists in 'control/ list.php' of wiki6.0; the vulnerability stems from the failure to effectively filter user-submitted data, remot...
iWebShop open source mall system toSeller parameter SQL injection vulnerability
iWebShop is an open source web e-commerce B2B2C site-building system (self-operated store plus resident merchants) developed in PHP with a MySQL database and designed around an MVC architecture modeled on the Yii framework. iWebShop open source mall syste...
Hanchao B2B2C Multi-User Mall System v2.1.3 SQL Injection Vulnerability in the del_msg method
Hanchao B2B2C multi-user mall system is a multi-user mall website system developed in PHP and MySQL. A SQL injection vulnerability exists in the del_msg method of Hanchao B2B2C Multi-User Mall System v2.1.3. An attacker can exploit this vulnerability to obtain database information...
CVE-2017-1000067
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges...
SQL injection
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges...
SQL injection
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297...
Hardcoded credentials
A hard-coded password issue was discovered in Becton, Dickinson and Company BD PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the...
WordPress FormCraft Basic Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress FormCraft Basic plugin version 1.0.5, which can be exploited by attacke...
SQL Injection Vulnerability in addr_edite Method of ShopsN V2.0 Mall System
The ShopsN mall system, a product of Shanghai Yiso Network Technology Co., Ltd, is a full-featured, enterprise-grade open source online store system that allows free commercial use. A SQL injection vulnerability exists in the userid parameter in the addr_edite method o...
SQL Injection Vulnerability in ShopsN Mall System
Note the possible duplication with CNVD-C-2017-72147. ShopsN Free Edition B2C e-mall is a full-featured open source online store system that meets enterprise-level commercial standards and allows free commercial use. ShopsN mall system suffers from a SQL...
SQL Injection Vulnerability in FeiWa B2B2C Mall System
FeiWa B2B2C mall system is an enterprise-level B2B2C e-commerce platform system. A SQL injection vulnerability exists in FeiWa B2B2C Mall System. An attacker can exploit this vulnerability to obtain sensitive information from the database...
Real Estate Classifieds Script SQL Injection Vulnerability
Real Estate Classifieds Script is based on Yii Framework - a modern framework. Real Estate Classifieds Script suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to obtain database information...