50 matches found
Sql injection
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The...
PT-2023-23591 · Unknown · Roadflow Visual Process Engine
Name of the Vulnerable Software and Affected Versions: RoadFlow Visual Process Engine .NET Core Mvc version 2.13.3 Description: A critical issue has been found in the Login component of the affected software, specifically in the file "/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=ta...
Newsletter by Supsystic <= 1.5.6 - Authenticated SQL Injection
The GET parameter "sidx" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue. PoC The PoC will be displayed once the issue has been remediated...
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
Exploit Title: WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection Date: 09/08/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/membership-by-supsystic.1.4.7.zip Version: 1.4.7 Tested on: Ubuntu...
Sql injection
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter...
CVE-2015-3424
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter...
Sql injection
H3C H3Cloud OS all versions allows SQL injection via the ear/gridevent sidx parameter...
CVE-2019-12193
H3C H3Cloud OS all versions allows SQL injection via the ear/gridevent sidx parameter...
openSUSE Security Update : ffmpeg (openSUSE-2015-821)
The ffmpeg package was updated to version 2.8.2 to fix the following security and non security issues : - CVE-2015-8216: Fixed the ljpegdecodeyuvscan function in libavcodec/mjpegdec.c which could cause a denial of service out-of-bounds array access bnc955346. - CVE-2015-8217: Fixed the...
CVE-2014-5017
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipantsjson, related to a search paramet...