SQL Injection
Dolibarr is vulnerable to SQL injection. It does not properly sanitize the viewstatut and propalstatut (aka searchstatut) parameters in comm/propal/list.php, allowing an authenticated user to inject arbitrary SQL code through it...
phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - SQL Injection CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not correctly filter arguments,...
WordPress Kama Click Counter 3.4.9 SQL Injection
============================================= MGC ALERT 2017-002 - Original release date: February 21, 2017 - Last revised: February 28, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...
WhizBiz Business Directory CMS 1.9 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WhizBiz - Business Directory CMS v1.9 - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://webhelios.com/ Software Buy: https://codecanyon.net/item/whizbiz-business-directory-cms/12931569 Demo:...
ImpressCMS 1.3.9 - SQL Injection
============================================= MGC ALERT 2016-002 - Original release date: April 8, 2016 - Last revised: April 21, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY ------------------------...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosure: January 13, 2016 Vulnerabilit...
ManageEngine OpManager SubmitQuery IntegrationUser SQL Code Execution (CVE-2015-7765; CVE-2015-7766)
An SQL code execution vulnerability exists in ManageEngine OpManager. By sending crafted requests to an affected server, a remote attacker can exploit this vulnerability to execute arbitrary SQL commands with Administrator privileges which can further lead to arbitrary code execution in the...
ManageEngine Applications Manager CommonAPIUtil enableDisableAlarmsAction SQL Injection
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the resourceid and haid parameters when processing requests using the enableDisableAlarmsAction method of the CommonAPIUtil class. By sending crafted request message...
ManageEngine Applications Manager CommonAPIUtil moveSubGroup haid tohaid SQL Injection
An SQL injection vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to insufficient validation of the haid and tohaid parameters when processing requests using the moveSubGroup method of the CommonAPIUtil class. By sending crafted request messages, a remote...
ManageEngine OpManager APMAlertOperationsServlet source SQL Injection
An SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the source parameter when processing requests sent to APMAlertOperationsServlet servlet. A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL co...
PHP-Fusion 7.02.07 Blind SQL Injection
============================================= MGC ALERT 2015-002 - Original release date: September 18, 2015 - Last revised: October 05, 2015 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...
PHP-Fusion 7.02.07 - Blind SQL Injection
PHP-Fusion 7.02.07 - Blind SQL Injection ============================================= MGC ALERT 2015-002 - Original release date: September 18, 2015 - Last revised: October 05, 2015 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...
PHP-Fusion 7.02.07 Blind SQL Injection Vulnerability
PHP-Fusion versions 7.02.07 and below suffer from a remote blind SQL injection vulnerability in the admin panel. ============================================= MGC ALERT 2015-002 - Original release date: September 18, 2015 - Last revised: October 05, 2015 - Discovered by: Manuel García Cárdenas -...
Novell ZENworks Configuration Management schedule.ScheduleQuery SQL Injection (CVE-2015-0782)
An SQL injection vulnerability exists in ZENworks Configuration Management. The vulnerability is due to insufficient sanitization of a request parameter in the run method of the ScheduleQuery class before using the parameter in SQL queries. A remote, unauthenticated attacker can exploit this...
GLSA-201505-03 : phpMyAdmin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201505-03 phpMyAdmin: Multiple vulnerabilities Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could exploit the...
Novell ZENworks Configuration Management GetStoredResult.class SQL Injection (CVE-2015-0780)
An SQL injection vulnerability exists in ZENworks Configuration Management. The vulnerability is due to insufficient sanitization of the input parameter in the GetReRequestData method of the GetStoredResult class before it is used in an SQL query. A remote attacker can exploit this vulnerability ...
People Joomla Component 1.0.0 - SQL Injection Vulnerability
No description provided by source. People Joomla Component 1.0.0 SQL Injection Vulnerability Name People Vendor http://www.ptt-solution.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2011-01-1...
Portel 2008 - (decide.php patron) Blind SQL Injection Vulnerability
No description provided by source. ------------------------------------------------------------------------------ Portel patron Blind SQL-injection Vulnerability ------------------------------------------------------------------------------ + Author : Chip D3 Bi0s + Email :...
Drake CMS <= 0.4.11 Remote Blind SQL Injection Exploit
No description provided by source. <?php /* ------------------------------------------------------ Drake CMS <= 0.4.11 Remote Blind SQL Injection Exploit ------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://drakecms.sourceforge.net...
Softbiz Banner Exchange Network Script 1.0 - SQL Injection Vulnerability
Softbiz Banner Exchange Network Script ver 1 SQL INJECTION BY IRCRASH AUTHOR : IRCRASH Dr.Crash Script Download : http://www.softbizscripts.com/ Injection Address : http://sitename/campaignstats.php?id=SQL C0de SQL C0de :...