Subrion CMS SQL Injection Vulnerability

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A SQL injection vulnerability exists in the admin/database/ URI in Subrion CMS version 4.0.5.10. A remote...

PHPCMS 'index.php' page has SQL injection vulnerability

PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, using it can easily realize the design, development and maintenance of personalized websites. PHPCMS 'index.php' page has a SQL injection vulnerability, which can be...

Joomla Eventix Events Calendar Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla BookLibrary component. An attacker can exploit the vulnerability to access or modify database data...

Joomla J-CruiseReservation Standard Component SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla J-CruiseReservation Standard component. An attacker can exploit the vulnerability to access or modify database data...

Joomla com_maxcomment component SQL injection vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla commaxcomment component. An attacker can exploit the vulnerability to access or modify database data...

Joomla JomWALL component 'wuid' parameter SQL injection vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'wuid' parameter of the Joomla JomWALL component, which allows remote, unauthenticated attackers to execute arbitrary SQL commands via the parameter...

SQL Injection Vulnerability in Ocean CMS v_name Parameter

Ocean CMS is an open source website builder. A SQL injection vulnerability exists in the adminajax.php page of Ocean CMS 6.46 utf-8 official version. The lack of filtering of the 'vname' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...

SQL Injection Vulnerability in Ocean CMS zyapi.php Page

Ocean CMS is an open source website builder. A SQL injection vulnerability exists in the Ocean CMS zyapi.php page. The lack of filtering of the '$ids' parameter allows attackers to exploit the vulnerability to obtain sensitive information about the database...

CVE-2017-5598

An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...

Serendipity 2.0.3: From File Upload to Code Execution

RIPS Analysis The analysis of Serendipity with RIPS took 67 seconds to complete. The total amount of issues is reasonable for a web application of this size. Most of the 36 low severe issues detected are information leakage issues, for example, when an error message leaks the DBMS system of a...

MyBB has multiple vulnerabilities (CNVD-2016-11623)

MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.7, including: SQL injecti...

MyBB has multiple vulnerabilities (CNVD-2016-11613)

MyBB aka MyBulletinBoard is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. Multiple security vulnerabilities exist in versions of MyBB prior to 1.8.8 including: SQL injectio...

DotCMS SQL Injection Vulnerability (CNVD-2016-11002)

DotCMS is a content management system CMS from the American company DotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A SQL injection vulnerability exists in the Site BrowserTemplates pages screen in versions of DotCMS prior to...

SQL injection vulnerability in semcms function.php

SemCms is an open source foreign trade enterprise website management system. semcms function.php SQL injection vulnerability , because the program does not filter user input , attackers exploit the vulnerability by submitting malicious SQL query statements to the server to obtain sensitive databa...

Exponent CMS 'fileid' Parameter SQL Injection Vulnerability

Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...

SQL Injection Vulnerability in Digital China Internet Behavior Management System Announcement_starttime Parameter

Digital China Internet Behavior Management System is an Internet behavior logging system that fully owns the network behavior analysis management system, integrating hardware and software architecture, behavior analysis engine, management and control policies, analyzing network activities in real...

SQL Injection Vulnerability in KuaiFanCMS File /upload/kuaifan/module/xinxi/fajian.module.php

KuaiFanCMS V5.x is developed with PHP5+MYSQL as the technical base. kf is built with Smarty template engine. KuaiFanCMS file /upload/kuaifan/module/xinxi/fajian.module.php at the existence of SQL injection vulnerability, an attacker can use this vulnerability to obtain sensitive database...

School Full CBT 0.1 - SQL Injection

School Full CBT 0.1 - SQL Injection Exploit Title.............. School Full CBT SQL Injection Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/9859 Software Link...

SQL Injection Vulnerability in ChannelList.aspx Page of Shandong Wave Government Approval Platform

Wave Government Approval Platform is a cloud computing infrastructure platform of Shandong Wave Qilu Software Co. A SQL injection vulnerability exists in the ChannelList.aspx page of the Shandong Wave Government Approval Platform, which can be exploited by attackers to obtain sensitive database...

SQL Injection Vulnerability in UFIDA Financials /target/services/userInfoWeb?wsdl Page

UFIDA Financials is a financial management software. A SQL injection vulnerability exists in the UFIDA Financial System /target/services/userInfoWeb?wsdl page. An attacker can exploit the vulnerability to obtain database information...