SOPlanning Security Vulnerability
SOPlanning is a suite of online project management software from SOPlanning. A security vulnerability exists in SOPlanning. An attacker exploiting the vulnerability could access the underlying database...
NocoDB SQL Injection Vulnerability
NocoDB is an open source Airtable replacement. Convert any MySQL, PostgreSQL, SQL Server, SQLite and MariaDB into a smart spreadsheet. A security vulnerability exists in NocoDB version 0.109.2. An attacker exploiting this vulnerability can query the underlying database...
SQL injection
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
SQL injection
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
SQL injection
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
Apache DolphinScheduler SQL Injection Vulnerability
Apache DolphinScheduler is a distributed, decentralized, and easily scalable visual DAG workflow task scheduling platform developed by the Apache Foundation. Dedicated to solving the intricate dependencies in the data processing process and making the scheduling system work out-of-the-box in the...
Aruba ClearPass Policy Manager SQL Injection Vulnerability
HPE Aruba ClearPass Policy Manager is a Network Access Control (NAC) solution. A SQL injection vulnerability exists in HPE Aruba ClearPass Policy Manager. An attacker could use this vulnerability to obtain and modify information in the underlying database...
SQL injection
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
CVE-2020-26045
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
SQL injection
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
CVE-2020-3450
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted...
SQL injection
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted...
SQL injection
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this...
CVE-2020-3154 Cisco Cloud Web Security SQL Injection Vulnerability
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
WordPress Top-10 Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. Top-10 is one of the plug-ins that calculates the number of daily visits and total number of visits to each post and...
Avaya Radvision SCOPIA Desktop SQL Injection Vulnerability
Avaya Radvision SCOPIA Desktop is a high-definition desktop video software. Avaya Radvision SCOPIA Desktop suffers from a SQL injection vulnerability that originates from the program's failure to adequately validate user-supplied data before using it in a SQL query. An attacker could use thi...
Multiple SQL Injection Vulnerabilities in Trend Micro Control Manager
Trend Micro Control Manager (TMCM) is an integrated threat detection and data protection management center software from Trend Micro. Trend Micro Control Manager has multiple SQL injection vulnerabilities. The vulnerabilities could be exploited by an attacker to gain access to the underlying databa...
WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection
source: https://www.securityfocus.com/bid/69222/info FB Gorilla plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent...
Fonality trixbox - index.php Remote Code Execution
Fonality trixbox - index.php Remote Code Execution source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
xClassified - ads.php SQL Injection
source: https://www.securityfocus.com/bid/68438/info xClassified is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...