
8004 matches found

CNVD
added 2017/06/07 12:0 a.m. | 2 views

WordPress Multi Feed Reader Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on PHP and MySQL servers. Multi Feed Reader is one of the components used to create RSS feed templates. A SQL injection vulnerability exists in Mult...

CVSS 8.8 | AI score 8.2 | EPSS 0.01617
Exploits: 0 | References: 1
CNVD
added 2017/06/01 12:0 a.m. | 3 views

SQL Injection Vulnerability in Message Board Module of State Micro CMS Government Website System

SMi CMS Government Website System is a website system for governments, schools and groups. There is a SQL injection vulnerability in the message board module of SMiCMS government website system. Due to insufficient filtering of parameters, attackers can exploit the vulnerability to execute...

AI score 8.5
Exploits: 0
CNVD
added 2017/05/29 12:0 a.m. | 1 view

Flash cms /wap has multiple SQL Injection Vulnerabilities

Flash Flash cms is a flash website system developed by Zibo Flash Network Technology Co. Flash cms has a SQL injection vulnerability. The vulnerability stems from the program's failure to filter user-submitted data, which can be exploited by attackers to obtain sensitive database information...

AI score 7.8
Exploits: 0
CNVD
added 2017/05/27 12:0 a.m. | 3 views

NetApp OnCommand Unified Manager Core Package SQL Injection Vulnerability

NetApp OnCommand Unified Manager Core Package is an OnCommand series of management software from American NetApp. A SQL injection vulnerability exists in NetApp OnCommand Unified Manager Core Package. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

CVSS 7.5 | AI score 8.5 | EPSS 0.01792
Exploits: 0 | References: 1
CNVD
added 2017/05/24 12:0 a.m. | 3 views

INFOR EAM SQL Injection Vulnerability

Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. An SQL...

CVSS 8.8 | AI score 7.6 | EPSS 0.01443
Exploits: 5 | References: 1
CNVD
added 2017/05/24 12:0 a.m. | 3 views

finecms has a csrf vulnerability

FineCMS is a content management system based on PHP+MySql. A CSRF vulnerability exists in the finecms backend form for executing SQL, which can be exploited by attackers to trick administrators into clicking on a malicious link to execute SQL statements and write a webshell to gain server...

AI score 7.9
Exploits: 0
Hacker One
added 2017/05/23 9:55 a.m. | 35 views

Shopify: XSS on any Shopify shop via abuse of the HTML5 structured clone algorithm in postMessage listener on "/:id/digital_wallets/dialog"

Description: The /:id/digital_wallets/dialog endpoint is used to display a small dialog box relating to the "digital wallets" functionality on a shop. The endpoint includes a script that listens for postMessages without validating the origin of messages. However, the impact of the missing validatio...

AI score 7.5
Exploits: 0
CNVD
added 2017/05/23 12:0 a.m. | 2 views

Apple macOS Sierra SQLite SQL Query Memory Corruption Vulnerability

Apple macOS is a set of operating systems that run on Apple's Macintosh line of computers. A memory corruption vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special WEB page and trick the user into parsing it to execute...

CVSS 8.8 | AI score 7.9 | EPSS 0.01953
Exploits: 0 | References: 1
CNVD
added 2017/05/23 12:0 a.m. | 1 view

Apple macOS Sierra SQLite SQL Query Arbitrary Code Execution Vulnerability

Apple macOS is an operating system that runs on Apple's Macintosh line of computers. An arbitrary code execution vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special SQL query and execute arbitrary code...

CVSS 9.8 | AI score 8.4 | EPSS 0.0346
Exploits: 0 | References: 1
OSV
added 2017/05/22 12:0 a.m. | 0 views

UBUNTU-CVE-2017-2519

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...

CVSS 9.8 | AI score 7.7 | EPSS 0.0395
Exploits: 0 | References: 8
CNVD
added 2017/05/11 12:0 a.m. | 1 view

SQL Injection Vulnerability in WinCMS id Parameter of Enterprise Business Technology

WinCMS is a website management system managed and developed by Tianjin Qishang Huichuang Technology Co. A SQL injection vulnerability exists in the WinCMS id parameter. Attackers can exploit the vulnerability to obtain sensitive information in the database...

AI score 7.6
Exploits: 0
CNVD
added 2017/05/11 12:0 a.m. | 1 view

SQL Injection Vulnerability in 'menu_id' Parameter of Pioneer Hi-Tech Government System

Pioneer Hi-Tech Government System is an "easy technology" system. A SQL injection vulnerability exists in the 'menu_id' parameter of the Pilot Hi-Tech Government System. This vulnerability can be exploited by attackers to obtain sensitive information from the database...

AI score 7.7
Exploits: 0
CNVD
added 2017/05/10 12:0 a.m. | 1 view

SQL Injection Vulnerability in EasySite WebService Interface

easySite Content Management System is a professional portal content management system developed and completed by ZKHUILIAN. EasySite WebService interface SQL injection vulnerability, the vulnerability stems from the WebService WSDL interface fails to submit sufficient data filtering caused by an...

AI score 7.8
Exploits: 0
CNVD
added 2017/05/09 12:0 a.m. | 2 views

flatCore SQL Injection Vulnerability

flatCore is a web content management system based on PHP5 and SQLite3. A SQL injection vulnerability exists in flatCore, which allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...

CVSS 9.8 | AI score 9.7 | EPSS 0.01022
Exploits: 0 | References: 1
CNVD
added 2017/05/09 12:0 a.m. | 2 views

Accellion FTA Device SQL Injection Vulnerability (CNVD-2017-07454)

Accellion FTA devices is a file transfer device from Accellion USA. The device supports file transfer, file sharing, file transfer tracking and reporting, and more. A SQL injection vulnerability exists in the reporterror.php file in versions of Accellion FTA devices prior to FTA912180. A remote...

CVSS 9.8 | AI score 8.4 | EPSS 0.01161
Exploits: 1 | References: 1
CNVD
added 2017/05/06 12:0 a.m. | 1 view

SQL Injection Vulnerability in Zendo 9.1.2 zentao\lib\base\dao\dao.class.php Page

Zendo is an open source project management software. A SQL injection vulnerability exists in the zentao\lib\base\dao\dao.class.php page of Zendo project management software version 9.1.2. The orderBy function fails to filter the data submitted by the user, allowing an attacker to exploit the vulnerability to obtain...

AI score 7.6
Exploits: 0
CNVD
added 2017/05/05 12:0 a.m. | 1 view

MODX Revolution SQL Injection Vulnerability

MODx is an open source PHP application framework that helps users control their online content. A SQL injection vulnerability exists in MODX Revolution versions 2.0.1-pl through 2.5.6-pl. An attacker can exploit the vulnerability to inject or manipulate SQL queries in the back-end database,...

AI score 8
Exploits: 0 | References: 1
CNVD
added 2017/04/30 12:0 a.m. | 2 views

SQL Injection Vulnerability in CUID Parameter of Hikvision's In-vehicle Remote Monitoring System AddUser.php File

Hikvision vehicle remote monitoring system is a set of vehicle video networking monitoring platform software. A SQL injection vulnerability exists in the parameter CUID of the AddUser.php file in Hikvision Vehicle Remote Monitoring System. It allows attackers to exploit the vulnerability to obtai...

AI score 8
Exploits: 0
CNVD
added 2017/04/23 12:0 a.m. | 2 views

S-CMS /member/member_wuliu.asp page O_id parameter has SQL injection vulnerability

S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. A SQL injection vulnerability exists in the S-CMS /member/member_wuliu.asp page. Due to insufficient filtering of user input, the program allows attackers to exploit the vulnerability to obtain sensitive...

AI score 7.8
Exploits: 0
CNVD
added 2017/04/22 12:0 a.m. | 1 view

SQL Injection Vulnerability in Netsun CMS typeid Parameter

Netsun CMS is a website management system managed and developed by Zhejiang Netsun Business Treasure Co. Netsun CMS suffers from a SQL injection vulnerability. The lack of filtering of the 'typeid' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...

AI score 7.8
Exploits: 0