
18 matches found

EUVD
added 2025/10/17 9:31 p.m. | 3 views

EUVD-2025-34937

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

CVSS 6.5 | AI score 6.5 | EPSS 0.00044
Exploits: 1 | References: 5

NVD
added 2025/10/17 8:15 p.m. | 1 view

CVE-2025-11910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

CVSS 8.8 | EPSS 0.00044
Exploits: 1 | References: 4

Cvelist
added 2025/10/17 8:2 p.m. | 6 views

CVE-2025-11912 Shenzhen Ruiming Technology Streamax Crocus DeviceState.do Query sql injection

A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

CVSS 6.5 | EPSS 0.00044
Exploits: 1 | References: 4

Vulnrichment
added 2025/10/17 7:32 p.m. | 2 views

CVE-2025-11910 Shenzhen Ruiming Technology Streamax Crocus MemoryState.do query sql injection

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

CVSS 6.5 | AI score 6.7 | EPSS 0.00044
Exploits: 1 | References: 4

OSV
added 2025/10/17 7:15 p.m. | 0 views

CVE-2025-11909

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

CVSS 8.8 | AI score 5.7
Exploits: 0 | References: 4

Cvelist
added 2025/10/17 6:32 p.m. | 7 views

CVE-2025-11909 Shenzhen Ruiming Technology Streamax Crocus RepairRecord.do queryLast sql injection

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

CVSS 6.5 | EPSS 0.00044
Exploits: 1 | References: 4

CVE
added 2025/10/17 6:32 p.m. | 4 views

CVE-2025-11909

CVE-2025-11909 affects Shenzhen Ruiming Technology Streamax Crocus (v1.3.40). The vulnerable element is the function queryLast in /RepairRecord.do?Action=QueryLast, where manipulating the argument orderField enables SQL injection. The flaw can be exploited remotely and public PoCs exist. Affected...

CVSS 8.8 | AI score 6.5 | EPSS 0.00044
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2025/10/17 12:0 a.m. | 2 views

Streamax Crocus SQL injection vulnerability

Streamax Crocus is a system used by China Ruiming Streamax for commercial vehicles to reduce traffic accidents and cargo loss. A SQL injection vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter orderField in the file...

CVSS 8.8 | AI score 6.9 | EPSS 0.00044
Exploits: 1 | References: 5

CNNVD
added 2025/10/17 12:0 a.m. | 1 view

Streamax Crocus SQL injection vulnerability

Streamax Crocus is a system used by China Ruiming Streamax for commercial vehicles to reduce traffic accidents and cargo loss. A SQL injection vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter orderField in the file...

CVSS 8.8 | AI score 6.9 | EPSS 0.00044
Exploits: 1 | References: 5

CNNVD
added 2025/10/17 12:0 a.m. | 1 view

Streamax Crocus SQL injection vulnerability

Streamax Crocus is a system used by China Ruiming Streamax for commercial vehicles to reduce traffic accidents and cargo loss. A SQL injection vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter orderField in the file...

CVSS 8.8 | AI score 6.9 | EPSS 0.00044
Exploits: 1 | References: 5

RedhatCVE
added 2025/10/07 3:22 p.m. | 1 view

CVE-2025-52472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

CVSS 9.3 | AI score 7.2 | EPSS 0.00342
Exploits: 0 | References: 1

Github Security Blog
added 2025/10/06 8:16 p.m. | 3 views

XWiki Platform is vulnerable to HQL injection via wiki and space search REST API

Impact: The REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is added twice in the query, though, once in the field list for the select and once in the order clause, so it's not that easy to exploit. The part of the query between the two fields can b...

CVSS 9.3 | AI score 7.4 | EPSS 0.00342
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/10/06 8:16 p.m. | 7 views

GHSA-GPRP-H92G-GC2H XWiki Platform is vulnerable to HQL injection via wiki and space search REST API

Impact: The REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is added twice in the query, though, once in the field list for the select and once in the order clause, so it's not that easy to exploit. The part of the query between the two fields can b...

CVSS 9.3 | AI score 7.4 | EPSS 0.00342
Exploits: 0 | References: 6

OSV
added 2025/10/06 2:53 p.m. | 3 views

CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

CVSS 9.3 | AI score 6.9 | EPSS 0.00342
Exploits: 0 | References: 6

CNNVD
added 2025/10/06 12:0 a.m. | 1 view

XWiki Platform SQL injection vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A SQL injection vulnerability exists in XWiki Platform versions 4.3-milestone-1 through 16.10.9, 17.4.2, and prior to 17.5.0, which stems from an HQL injection in the orderField parameter an...

CVSS 9.3 | AI score 7.5 | EPSS 0.00342
Exploits: 0 | References: 4

Positive Technologies
added 2025/05/26 12:0 a.m. | 3 views

PT-2025-40901

Name of the Vulnerable Software and Affected Versions:
XWiki Platform versions 4.3-milestone-1 through 16.10.8
XWiki Platform versions 17.4.0 through 17.4.1
XWiki Platform versions 17.5.0

Description: The XWiki Platform, a generic wiki platform, contains a flaw in the REST search URL. The orderFiel...

CVSS 9.3 | AI score 6.5 | EPSS 0.00342
Exploits: 0 | References: 15

OSV
added 2025/03/22 8:15 p.m. | 0 views

CVE-2025-2625

A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 4

Packet Storm
added 2009/01/16 12:0 a.m. | 20 views

LinksPro SQL Injection

Portal Name: LinksPro Standard Edition
Vendor: http://www.codefixer.com/applinkspro/standard.asp
Author: PouyaServer, [email protected] Aria-Security.Net
Vulnerability: SQL
...

AI score 0.3
Exploits: 0