8004 matches found

OSV
added 2017/11/16 7:29 a.m., 4 views

CVE-2017-12302

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-suppli...

4.3 CVSS, 6 AI score, 0.0113 EPSS
Exploits: 0, References: 3

CNVD
added 2017/11/16 12:0 a.m., 1 view

SQL injection vulnerability in shownews.hb page of website building system of Jiangxi Huabang Media Co.

Jiangxi Huabang Media Co., Ltd. is a comprehensive IT company integrating enterprise informationization construction, network development and Internet marketing. There is a SQL injection vulnerability in the shownews.hb page of the website building system of Jiangxi Huabang Media Co. The...

7.6 AI score
Exploits: 0

CNVD
added 2017/11/15 12:0 a.m., 3 views

SQL Injection Vulnerability in News.asp Page of Frontier Technology Website Building System

Zaozhuang Frontier Technology Co., Ltd. is a technology enterprise engaged in software technology services. A SQL injection vulnerability exists in the news.asp page of Frontier Technology's website construction system. An attacker can exploit this vulnerability to obtain sensitive information fr...

7.6 AI score
Exploits: 0

CNVD
added 2017/11/12 12:0 a.m., 1 view

SQL Injection Vulnerability in auxblogcms 1.0.6

auxblogcms is a personal blog system based on PHP+MySQL. auxblogcms 1.0.6 suffers from a SQL injection vulnerability caused by the system failing to filter parameters effectively. An attacker can exploit this vulnerability to obtain sensitive database information...

7.8 AI score
Exploits: 0

BDU FSTEC
added 2017/11/10 12:0 a.m., 4 views

The vulnerability of the IBM Security Guardium information protection mechanism lies in its lack of protection for SQL query structures. This allows attackers to view, add, modify, or delete data.

The vulnerability of the IBM Security Guardium security tool relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete data using specially crafted SQL statements...

9.8 CVSS, 7.9 AI score, 0.01852 EPSS
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2017/11/09 12:0 a.m., 1 view

SQL Injection Vulnerability in the Frontend of Esaote E3 Omni-Channel Retail Management Software

E3 omni-channel retail management software is Esaote's e-commerce ERP system for online sales in the fashion industry, integrating Taobao interface, independent B2C mall system, advanced order processing system, logistics and warehousing system, network marketing and promotion system, and...

7.8 AI score
Exploits: 0

CNVD
added 2017/11/06 12:0 a.m., 3 views

Vastal I-Tech Agent Zone SQL Injection Vulnerability

Vastal I-Tech Agent Zone aka The Real Estate Script is a real estate website management system. A SQL injection vulnerability exists in Vastal I-Tech Agent Zone aka The Real Estate Script. A remote attacker can exploit this vulnerability to inject SQL commands...

9.8 CVSS, 8.1 AI score, 0.02652 EPSS
Exploits: 5, References: 1

CNVD
added 2017/11/04 12:0 a.m., 0 views

SQL Injection Vulnerability in Axublog v1.0.6 hit.php Page

Axublog is a PHP personal blog system. A SQL injection vulnerability exists in the Axublog v1.0.6 hit.php page. An attacker can exploit this vulnerability to obtain sensitive database information...

7.9 AI score
Exploits: 0

CNVD
added 2017/11/03 12:0 a.m., 2 views

CPA Lead Reward Script SQL Injection Vulnerability

CPA Lead Reward Script is a social research script. A SQL injection vulnerability exists in CPA Lead Reward Script. A remote attacker can exploit this vulnerability to inject SQL commands with the 'username' parameter...

9.8 CVSS, 8.3 AI score, 0.02652 EPSS
Exploits: 5, References: 1

CNVD
added 2017/11/03 12:0 a.m., 1 view

Data Components tPanel SQL Injection Vulnerability

Data Components tPanel is a set of web hosting control panels that run in the server. A SQL injection vulnerability exists in Data Components tPanel version 2009. A remote attacker could exploit this vulnerability to bypass authentication...

9.8 CVSS, 8 AI score, 0.03696 EPSS
Exploits: 4, References: 1

CNVD
added 2017/11/03 12:0 a.m., 4 views

Vastal I-Tech Dating Zone SQL Injection Vulnerability

Vastal I-Tech Dating Zone is a dating site system. The system supports user registration, search and forums. A SQL injection vulnerability exists in Vastal I-Tech Dating Zone version 0.9.9. A remote attacker can exploit the vulnerability by sending the 'productid' parameter to the addtocart.php...

9.8 CVSS, 8 AI score, 0.0305 EPSS
Exploits: 4, References: 1

CNVD
added 2017/11/03 12:0 a.m., 3 views

Adult Script Pro SQL Injection Vulnerability

Adult Script Pro is an online multimedia website builder. The system has modules for video viewing, news and user registration. A SQL injection vulnerability exists in Adult Script Pro version 2.2.4. A remote attacker can exploit this vulnerability by sending PATHINFO to the /download URI to inje...

9.8 CVSS, 8.2 AI score, 0.02066 EPSS
Exploits: 4, References: 1

CNVD
added 2017/11/03 12:0 a.m., 2 views

iTech Gigs Script SQL Injection Vulnerability

iTech Gigs Script is an e-commerce website building system. The system features user registration, quotes and comments. A SQL injection vulnerability exists in iTech Gigs Script version 1.21. A remote attacker can inject SQL commands by sending the 'sc' parameter to the browse-scategory.php file ...

9.8 CVSS, 10 AI score, 0.02066 EPSS
Exploits: 4, References: 1

CNVD
added 2017/11/03 12:0 a.m., 3 views

Tenable SecurityCenter SQL Injection Vulnerability

Tenable SecurityCenter is a Nessus-inclusive vulnerability management platform from US-based Tenable Network Security. The platform simplifies vulnerability scanning, management and reporting and provides a console to manage policies, alerts, reports and plug-ins for Nessus. An SQL injection...

8.8 CVSS, 8.3 AI score, 0.01202 EPSS
Exploits: 0, References: 1

CNVD
added 2017/11/01 12:0 a.m., 2 views

US Zip Codes Database Script SQL Injection Vulnerability

US Zip Codes Database Script is a set of US Zip Codes Database Scripts. A SQL injection vulnerability exists in US Zip Codes Database Script version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands with the 'state' parameter...

9.8 CVSS, 8.3 AI score, 0.02652 EPSS
Exploits: 5, References: 1

CNVD
added 2017/10/30 12:0 a.m., 1 view

SQL Injection Vulnerability in MIPCMS ApiAdminLink.php Page

MIPCMS is a free and open source content management system for articles and information, developed on the Baidu Mobile Accelerator (MIP) engine; it is also a site-building system that lets Internet webmasters, entrepreneurs and other groups create SEO-optimized sites. A...

7.6 AI score
Exploits: 0

CNVD
added 2017/10/27 12:0 a.m., 3 views

PHPSUGAR PHP Melody SQL Injection Vulnerability (CNVD-2017-32540)

PHPSUGAR PHP Melody is a PHP-based content management system for video websites. A SQL injection vulnerability exists in PHPSUGAR PHP Melody versions prior to 2.7.3. A remote attacker can perform a display list operation on the watch.php file and exploit the vulnerability to execute arbitrary SQL...

9.8 CVSS, 10 AI score, 0.01485 EPSS
Exploits: 3, References: 1

CNVD
added 2017/10/27 12:0 a.m., 0 views

SQL Injection Vulnerability in WebShow Shopping System V5.4 listjp.asp

NetShow Shopping System is a shopping site developed with ASP + Access. A SQL injection vulnerability exists in NetShow Shopping System V5.4 listjp.asp. An attacker can obtain sensitive database information by constructing specific SQL statements...

7.7 AI score
Exploits: 0

CNVD
added 2017/10/26 12:0 a.m., 2 views

SQL Injection Vulnerability in Opensns CheckInController.class.php Page

OpenSNS is a lightweight social user center framework based on OneThink. The system adheres to a minimalist design style and focuses on communication. A SQL injection vulnerability exists in the Opensns CheckInController.class.php page. An attacker can exploit the vulnerability to obtain sensitiv...

7.8 AI score
Exploits: 0

CNVD
added 2017/10/24 12:0 a.m., 2 views

LetoDMS SQL Injection Vulnerability (CNVD-2017-35203)

LetoDMS is a document management system based on PHP+MySQL development. A SQL injection vulnerability exists in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS before version 3.3.8, which can be exploited by remote attackers to execute arbitrary SQL commands...

9.8 CVSS, 8.5 AI score, 0.01863 EPSS
Exploits: 0, References: 1