Lucene search
K

1397 matches found

CNVD
CNVD
added 2019/03/15 12:0 a.m.1 views

SQL injection vulnerability in the cl***_id*** parameter of Harbin Fengteng E-commerce station building system pr***.php page

Fengteng e-commerce website building system is a website building system. Harbin Fengteng e-commerce station building system pr.php page under the clid parameter there is a SQL injection vulnerability There is a SQL injection vulnerability, an attacker can use the vulnerability to obtain sensitiv...

7.6AI score
Exploits0
CNVD
CNVD
added 2019/03/08 12:0 a.m.3 views

zzcms SQL Injection Vulnerability (CNVD-2019-13260)

ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in the /user/logincheck.php file in ZZCMS version 8.3. The vulnerability can be exploited by a remote attacker to execute SQL commands with the help of the 'X-Forwarded' parameter in the HTTP...

9.8CVSS8.4AI score0.01537EPSS
Exploits1References1
CNVD
CNVD
added 2019/02/26 12:0 a.m.1 views

WordPress Plugin Advanced Custom Fields Pro SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress plugin Advanced Custom Fields Pro SQL injection vulnerability. The vulnerability is caused due to the program faili...

7.8AI score
Exploits0References1
Veracode
Veracode
added 2019/01/15 8:53 a.m.48 views

Database-query Authentication Bypass

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7.2AI score0.046EPSS
Exploits3References17Affected Software43
OSV
OSV
added 2018/11/29 5:29 a.m.4 views

CVE-2018-19654

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...

7.5CVSS5.8AI score0.00917EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/28 12:0 a.m.3 views

TerraMaster TOS SQL Injection Vulnerability

TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A SQL injection vulnerability exists in the logtable.php file in TerraMaster TOS...

9.8CVSS9.8AI score0.16661EPSS
Exploits2References1
CNVD
CNVD
added 2018/11/27 12:0 a.m.1 views

SQL Injection Vulnerability in Rabbit Movie CMS

Rabbit TV CMS is an open source content building system. Rabbit Movie CMS has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

8AI score
Exploits0
CNVD
CNVD
added 2018/11/27 12:0 a.m.2 views

ShopsN single merchant b2c mall system v2.3.6 has SQL injection vulnerability

ShopsN single merchant b2c mall system is an open source online store system developed using PHP + MySQL. ShopsN single merchant b2c mall system v2.3.6Us.class .php file addressadd function has a SQL injection vulnerability , an attacker can use this vulnerability to obtain the administrator...

8.3AI score
Exploits0
CNVD
CNVD
added 2018/11/23 12:0 a.m.2 views

SQL Injection Vulnerability in QYKCMS v4.3.2

QYKCMS is a lightweight intelligent website building system based on PHP+MySql developed by QYK. QYKCMS v4.3.2 suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2018/11/09 12:0 a.m.1 views

SQL injection vulnerability in free version of Touchmedia Mall system

TouchNet universal mall station-building system is a set of universal station-building system developed by Tianjin TouchNet Technology Co. TouchNet Universal Mall Station Building System free version of the foreground there is a SQL injection vulnerability, the attacker can be customized through...

7.6AI score
Exploits0
OSV
OSV
added 2018/10/29 12:29 p.m.3 views

CVE-2018-18791

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie...

9.8CVSS5.8AI score0.01537EPSS
Exploits1References1
exploitpack
exploitpack
added 2018/10/29 12:0 a.m.18 views

Curriculum Evaluation System 1.0 - SQL Injection

Curriculum Evaluation System 1.0 - SQL Injection Exploit Title: Curriculum Evaluation System 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...

7.5CVSS0.1AI score0.03213EPSS
Exploits5
CNVD
CNVD
added 2018/09/26 12:0 a.m.3 views

SeaCMS SQL Injection Vulnerability (CNVD-2018-19865)

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A SQL injection vulnerability exists in the 'order' parameter in SeaCMS version 6.64, which can be exploited by remote attackers to execute SQ...

9.8CVSS10AI score0.01189EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/25 12:0 a.m.1 views

SemCms php version V3.2 SQL injection vulnerability in frontend

SemCms is an open source foreign trade enterprise website management system , mainly for foreign trade enterprises , compatible with IE, Firefox and other mainstream browsers . SemCms php version V3.2 front-end SQL injection vulnerability , attackers can use the vulnerability to obtain the...

8.1AI score
Exploits0
CNVD
CNVD
added 2018/09/18 12:0 a.m.1 views

SQL injection vulnerability in ZZCMS version 8.3 zs***.php file (CNVD-2018-19951)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/09/18 12:0 a.m.2 views

SQL injection vulnerability in ZZCMS 8.3 ta***.php file

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the ta.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...

7.6AI score
Exploits0
OSV
OSV
added 2018/09/05 8:29 p.m.5 views

CVE-2018-16436

Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator...

7.2CVSS5.8AI score0.01454EPSS
Exploits1References3
Veracode
Veracode
added 2018/08/30 6:52 a.m.20 views

NoSQL Injection

loopback-connector-mongodb is susceptible to NoSQL injection attack. The buildWhere and buildSort functions fail to sanitize the filter passed to the database query, allowing the attacker to inject and execute arbitrary NoSQL queries...

7.6AI score
Exploits0
CNVD
CNVD
added 2018/08/20 12:0 a.m.1 views

SQL Injection Vulnerability in the Frontend of DaQuanZhouAuto.com

It is an automobile network platform that provides Quanzhou automobile, Quanzhou automobile information, Quanzhou new car, Quanzhou used car and other services. SQL injection vulnerability exists in the front-end of DaQuanZhouAuto.com, the vulnerability stems from the failure to filter the pagenu...

8AI score
Exploits0
OSV
OSV
added 2018/08/13 8:49 p.m.7 views

GHSA-M8H6-M9P5-P2F8 Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish. Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions a...

7.5CVSS7.5AI score0.03903EPSS
Exploits0References2
Rows per page
Query Builder