13 matches found
CVE-2020-21809
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...
The vulnerability of the Shops module in the NukeViet content management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the Shops module in the NukeViet content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code through the listid parameter in the detail.php script, ...
Vinades NukeViet SQL注入漏洞
Vinades NukeViet is an open source Content Management System CMS from Vinades Vietnam. A SQL injection vulnerability exists in NukeViet CMS due to a failure to filter special characters in the listid parameter on the detail.php page of the product store module and the groupprice and groupid...
CVE-2020-21809
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...
CVE-2020-21809
Summary: CVE-2020-21809 is a SQL Injection vulnerability in the NukeViet CMS module Shops affecting versions 4.0.29 and 4.3, exploitable via improper handling of input parameters (listid in detail.php; group_price or groupid in search_result.php). The vulnerability is documented with high/critica...
Sql injection
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter...
Sql injection
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter...
Sql injection
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...
CVE-2008-1632
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...
Sql injection
SQL injection vulnerability in index.php in the amazOOP Awesom! comawesom 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task...
CVE-2008-0603
SQL injection vulnerability in index.php in the amazOOP Awesom! comawesom 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task...
Sql injection
SQL injection vulnerability in index.php in the fq comfq component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter...
CVE-2008-0511
SQL injection vulnerability in index.php in the MaMML commamml component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter...