38 matches found
CVE-2022-24206
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobileseal/getseal.php via the DEVICELIST parameter...
CVE-2021-25114 Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection
The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discountcode in one of its REST routes available to unauthenticated users before using it in a SQL statement, leading to a SQL injection...
CVE-2019-17295
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user...
CVE-2019-16125
In Jobberbase 2.0, the parameter category is not sanitized in public/pagesubscribe.php, leading to /subscribe SQL injection...
field_test gem contains injection vulnerability
The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead...
dotCMS SQL Injection Vulnerability (CNVD-2019-18732)
dotCMS is a content management system (CMS) from dotCMS of the United States. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features on. A SQL injection vulnerability exists in dotCMS versions prior to 5.1.6. The vulnerability stems from a lack of...
CVE-2019-8393
HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...
ShopsN single merchant b2c mall system v2.3.6 suffers from SQL injection vulnerability (CNVD-2018-25893)
ShopsN single merchant b2c mall system is an open source online store system developed using PHP + MySQL. In ShopsN single merchant b2c mall system v2.3.6, the addresslist function in the Us.class.php file has a SQL injection vulnerability; attackers can use the vulnerability to obtain the administrator...
MantisBT 'sql' Parameter SQL Injection Vulnerability (Feb 2018) - Linux
MantisBT is prone to an SQL injection (SQLi) vulnerability. Note: The vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass...
xycms b_title parameter sql injection vulnerability
No description provided by source...
OneOrZero helpdesk 1.6.x. - Remote Shell Upload Exploit
No description provided by source. #!/usr/bin/perl =about OneOrZero 1.6. Perl exploit. AUTHOR: discovered & written by Ams ax330d doggy gmail dot com. VULN. DESCRIPTION: In the 'tinfo.php' script there is a function named uploadAttachment through which we are able to upload files. It does not check what...
PHPSay_World 1.0 /user.php SQL Injection Vulnerability
No description provided by source...
Tiki Wiki CMS Groupware 'unserialize()' Multiple PHP Code Execution Vulnerabilities
Tiki Wiki CMS Groupware is prone to multiple remote PHP code-execution vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Auction_Software Script SQL Injection
Name: AuctionSoftware Script Admin Login Bypass vulnerability. Vendor URL: http://www.brotherscripts.com/ Price: $24.95 Author: altbta dork: "PHPAuction GPL Enhanced V2.51 by AuctionCode.com"...
DEBIAN-CVE-2010-1277
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to apijsonrpc.php...
Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns
No description provided by source. Hosting Controller 6.1 Hotfix <= 3.2 Multi Vuln. SQL Injection, Command Injection. KAPDA::59 - Hosting Controller 6.1 Hotfix <= 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date:...
Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns
Exploit for unknown platform in category web applications. Hosting Controller <= 6.1 Hotfix 3.2 Remote Unauthenticated Vulns. Hosting Controller 6.1 Hotfix <= 3.2 Multi...
CVE-2005-4228
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sortby, and (3) itemsnumber parameters to comments.php, (4) the search parameter to category.php, and (5) imageid parameter to picture.php. NOTE: it was...