CVE-2020-36540 Neetai Tech product.php SQL injection
A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2020-36535 MINMAX newsDia.php SQL injection
A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2021-44097
EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL injection via Addmessage.php. This allows a remote attacker to compromise the application's SQL database...
CVE-2020-22174
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
CVE-2020-15714
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the customLocation parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database...
PT-2020-7378 · Boinc · Boinc
Name of the Vulnerable Software and Affected Versions: BOINC (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors, due to multiple SQL injection vulnerabilities. Recommendations: At the moment, there is no...
CVE-2018-9250
interface\super\editlist.php in OpenEMR before v5011 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter...
Trend Micro Control Manager GetScheduleSubscription SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2015-9226
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) checkdownload and possibly (2) checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
CVE-2017-9443
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...
Schoolhos CMS 2.29 - 'kelas' SQL Injection
Document Title: Schoolhos CMS v2.29 - kelas Data Siswa SQL Injection Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1931. Release Date: 2016-11-07. Vulnerability Laboratory ID (VL-ID):...
CVE-2016-7919
Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who i...
Nagios XI SQL Injection (CVE-2018-8734)
An SQL injection vulnerability exists in Nagios XI. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
CVE-2012-2956
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to apiv2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS...
Joomla! Spider Video Player Component <= 2.8.3 SQLi Vulnerability - Active Check
Joomla! Spider Video Player Component is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Hewlett-Packard Intelligent Management Center APM monitorId SQL Injection Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APM module's AppDataDaoImpl class. The monitorId parameter does n...
SQL injection
SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL...
BrowserCRM Multiple SQLi and XSS Vulnerabilities
BrowserCRM is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
CVE-2012-5342
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php...
CVE-2012-3435
SQL injection vulnerability in frontends/php/popupbitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter...