Overview : An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. Affected Product(s) : Zoho ManageEngine OpManager before 12.4 build 124089 Vulnerability Details : CVE ID : CVE-2019-17602 An issue was discovered […]
Overview : NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. Affected Product(s) : NETGEAR SRX5308 4.3.5-3 Vulnerability Details : CVE ID : CVE-2019-17049 NETGEAR SRX5308 SQL Injection Vulnerability Solution : ** Update to Latest version **
Overview : A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 permits attackers to execute arbitrary SQL commands using the value parameter. Affected Product(s) : NVD (National Vulnerability Database) CWE Slice Vulnerability Details : CVE ID : CVE-2019-15301 Solution : The vulnerabilities are fixed in latest versions
Overview : vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Affected Product(s) : vBulletin 5.5.4 Vulnerability Details : CVE ID : CVE-2019-17271 1) User input passed through keys of the “where” parameter to the “ajax/api/hook/getHookList” endpoint is not properly validated before being used in an SQL query. This can be exploited […]
Overview : App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Affected Product(s) : TuziCMS 2.0.6 Vulnerability Details : CVE ID : CVE-2019-16644 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89) Solution : update/upgrade to the latest versions listed in the site.
