CVE-2024-4749

The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

ZYCHCMS 'Fieldid' Parameter Has SQL Injection Vulnerability

ZYCHCMS is an enterprise website management system. ZYCHCMS v06 Build161216 suffers from a SQL injection vulnerability. The lack of filtering of the 'Fieldid' parameter allows attackers to exploit the vulnerability to obtain sensitive information about the database...

Apabi图书系统多个参数MSSQL注入漏洞

简要描述： 详细说明： 厂商： http://gw.apabi.com/ 北京方正阿帕比技术有限公司 SQL注入点： /netlinkhandler.asp?lang=gb&DocGroupID=&FieldID=&FieldName=Creator&FieldType=1&QueryValue=&Repeatable=True 其中：DocGroupID、FieldID这2个参数都是存在SQL注入的 互联网自动采集案例5枚：...

Sql injection

Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...

CVE-2008-1632

Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...