1397 matches found
SQL injection vulnerability in the cl***_id*** parameter of Harbin Fengteng E-commerce station building system pr***.php page
Fengteng e-commerce website building system is a website building system. Harbin Fengteng e-commerce station building system pr.php page under the clid parameter there is a SQL injection vulnerability There is a SQL injection vulnerability, an attacker can use the vulnerability to obtain sensitiv...
zzcms SQL Injection Vulnerability (CNVD-2019-13260)
ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in the /user/logincheck.php file in ZZCMS version 8.3. The vulnerability can be exploited by a remote attacker to execute SQL commands with the help of the 'X-Forwarded' parameter in the HTTP...
WordPress Plugin Advanced Custom Fields Pro SQL Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress plugin Advanced Custom Fields Pro SQL injection vulnerability. The vulnerability is caused due to the program faili...
Database-query Authentication Bypass
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
CVE-2018-19654
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...
TerraMaster TOS SQL Injection Vulnerability
TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A SQL injection vulnerability exists in the logtable.php file in TerraMaster TOS...
SQL Injection Vulnerability in Rabbit Movie CMS
Rabbit TV CMS is an open source content building system. Rabbit Movie CMS has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
ShopsN single merchant b2c mall system v2.3.6 has SQL injection vulnerability
ShopsN single merchant b2c mall system is an open source online store system developed using PHP + MySQL. ShopsN single merchant b2c mall system v2.3.6Us.class .php file addressadd function has a SQL injection vulnerability , an attacker can use this vulnerability to obtain the administrator...
SQL Injection Vulnerability in QYKCMS v4.3.2
QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. QYKCMS v4.3.2 suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL injection vulnerability in free version of Touchmedia Mall system
TouchNet universal mall station-building system is a set of universal station-building system developed by Tianjin TouchNet Technology Co. TouchNet Universal Mall Station Building System free version of the foreground there is a SQL injection vulnerability, the attacker can be customized through...
CVE-2018-18791
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie...
Curriculum Evaluation System 1.0 - SQL Injection
Curriculum Evaluation System 1.0 - SQL Injection Exploit Title: Curriculum Evaluation System 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
SeaCMS SQL Injection Vulnerability (CNVD-2018-19865)
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A SQL injection vulnerability exists in the 'order' parameter in SeaCMS version 6.64, which can be exploited by remote attackers to execute SQ...
SemCms php version V3.2 SQL injection vulnerability in frontend
SemCms is an open source foreign trade enterprise website management system , mainly for foreign trade enterprises , compatible with IE, Firefox and other mainstream browsers . SemCms php version V3.2 front-end SQL injection vulnerability , attackers can use the vulnerability to obtain the...
SQL injection vulnerability in ZZCMS version 8.3 zs***.php file (CNVD-2018-19951)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL injection vulnerability in ZZCMS 8.3 ta***.php file
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the ta.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...
CVE-2018-16436
Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator...
NoSQL Injection
loopback-connector-mongodb is susceptible to NoSQL injection attack. The buildWhere and buildSort functions fail to sanitize the filter passed to the database query, allowing the attacker to inject and execute arbitrary NoSQL queries...
SQL Injection Vulnerability in the Frontend of DaQuanZhouAuto.com
It is an automobile network platform that provides Quanzhou automobile, Quanzhou automobile information, Quanzhou new car, Quanzhou used car and other services. SQL injection vulnerability exists in the front-end of DaQuanZhouAuto.com, the vulnerability stems from the failure to filter the pagenu...
GHSA-M8H6-M9P5-P2F8 Moderate severity vulnerability that affects activerecord
Withdrawn, accidental duplicate publish. Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions a...