SQL injection Prevention - GET : Authentication bypass attempt with OR statement


Description  
     
Default configuration

Profiles      High    Medium   Low     Internet
Action        Block   Block    Block   Block
Alarm Level   Major   Minor    Minor   Minor
     
References  
     
Available since   ASQ v5.0.0
     
Protects   Joomla Third-Party Plugins Multiple SQL Injection Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Dolibarr Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Joomla Core SQL Injection Vulnerability Fixed by 3.7.1
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple SQL Injection Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple SQL Injection Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Joomla "DT Register" Plugin SQL Injection Vulnerability
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
Cisco Identity Services Engine SQL Injection Vulnerability
WordPress Third Party Modules Multiple Vulnerabilities
AlienVault Unified Security Management Multiple Vulnerabilities Fixed by 5.3.2
Joomla Third-Party Plugins Multiple Vulnerabilities
SAP Adaptive Server Enterprise (ASE) Multiple Vulnerabilities Fixed by September 2016 Patch Day
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Zabbix Latest Data SQL Injection Vulnerability
Joomla "Event Registration Pro" SQL Injection Vulnerability
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Red Hat JBoss BPM Suite Dashbuilder SQL Injection Vulnerability
Joomla Third-Party Plugins Multiple Vulnerabilities
Drupal 'menupereid' SQL injection Vulnerability
Riverbed SteelCentral NetProfiler Multiple Vulnerabilities Fixed by 10.9.0
Cisco Prime Collaboration Deployment SQL Injection Vulnerability
Joomla Third-Party Plugins Multiple Vulnerabilities
Nagios XI Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
phpMyAdmin Multiple Vulnerabilities Fixed by 4.6.2 and 4.4.15.6
GLPI "ajax/getDropdownConnect.php" SQL Injection Vulnerability Fixed by 0.90.3
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Joomla Third-Party Modules Multiple Vulnerabilities
Cacti "tree.php" SQL Injection Vulnerability
Cacti "graph_template" Parameter "graphs_new.php" SQL Injection Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
BlackBerry Enterprise Server Management Console Multiple Vulnerabilities Fixed by 12.4
Joomla Third-Party Modules Multiple SQL Injection Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Joomla Third-Party Modules Multiple Vulnerabilities
TestLink SQL Injection Vulnerability Fixed by 1.9.15
Atlassian Confluence Multiple Vulnerabilities Fixed by 5.8.17
Joomla Third-Party Modules Multiple Vulnerabilities
Cacti Multiple SQL Injection Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Joomla Third-Party Modules Multiple Vulnerabilities
Cisco Secure Access Control Server (ACS) SQL Injection Vulnerability
Joomla Core Multiple Vulnerabilities Fixed by 3.4.5
Kerio Control Remote Command Execution Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
TestLink Multiple Vulnerabilities Fixed by 1.9.14
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cisco Prime Collaboration SQL Injection Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Joomla Third-Party Modules Multiple Vulnerabilities
Joomla "JoomShopping" SQL Injection Vulnerability
Joomla Third-Party Modules Multiple Vulnerabilities
Merethis Centreon Blind SQL Injection and Authenticated Remote Command Execution Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cisco WebEx Meeting Center GET Parameter Vulnerability
TYPO3 Multiple Third-Party Components Vulnerabilities
Cisco Prime Collaboration Manager SQL Injection Vulnerability
Cacti Multiple Vulnerabilities Fixed by 0.8.8d
WordPress WP Symposium Plugin SQL Injection Vulnerability
WordPress Contus Video Gallery Plugin SQL Injection Vulnerability
WordPress Community Events Plugin Multiple SQL Injection Vulnerabilities
Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability
WordPress WP Business Intelligence Lite Plugin SQL Injection Vulnerability
Galette ZendDB Two SQL Injection Vulnerabilities
WordPress SEO by Yoast Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities
WordPress Store Locator Plugin "sl_vars[num_initial_displayed]" SQL Injection Vulnerability
SolarWinds Products "sort" and "dir" SQL Injection Vulnerabilities
phpBugTracker Multiple Vulnerabilities
WordPress Spider Event Calendar Plugin "cat_id" SQL Injection Vulnerability
F5 BIG-IP Application Security Manager Tree View Cross-Site Scripting Vulnerability
miniBB "code" SQL Injection Vulnerability
Zabbix Two SQL Injection Vulnerabilities
GLPI "condition" SQL Injection Vulnerability
PHP-Fusion Multiple SQL Injection Vulnerabilities
IP.Board "id" SQL Injection Vulnerability
ManageEngine Password Manager Pro Two SQL Injection Vulnerabilities
IP.Board IP.Content Module "cid" SQL Injection Vulnerability
BSS BS-Client Multiple Vulnerabilities
InvGate Service Desk Multiple SQL Injection Vulnerabilities
WordPress Polldaddy Polls & Ratings Plugin Cross-Site Scripting Vulnerability
web2Project Multiple SQL Injection Vulnerabilities
Videos Tube "url" SQL Injection Vulnerability
ZeroCMS Multiple Vulnerabilities
webEdition "tblFile" SQL Injection Vulnerability
NULL NUKE Cross-Site Request Forgery and SQL Injection Vulnerabilities
Free Help Desk Script Insertion and SQL Injection Vulnerabilities
Xerox DocuShare URL SQL Injection Vulnerability
mAdserve Multiple "id" SQL Injection Vulnerabilities
Jigowatt PHP Event Calendar "year" SQL Injection Vulnerability
Netvolution CMS SQL Injection Vulnerability
WordPress mTouch Quiz Plugin "quiz" Cross-Site Scripting and SQL Injection Vulnerabilities
Joomla! AJAX Shoutbox Component "jal_lastID" SQL Injection Vulnerability
couponPHP Two Cross-Site Scripting Vulnerabilities
Ganesha Digital Library Cross-Site Scripting and SQL Injection Vulnerabilities
Cory Support "q" SQL Injection Vulnerability
POSH Weakness and Two Vulnerabilities
GeoCore Multiple SQL Injection Vulnerabilities
HostBill Staff Tickets SQL Injection Vulnerability
OpenDocMan Security Bypass and SQL Injection Vulnerabilities
Pina CMS Cross-Site Scripting Vulnerability
ITechClassifieds Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
mySeat Restaurant Reservation System Cross-Site Scripting and SQL Injection Vulnerabilities
Collabtive Script Insertion and SQL Injection Vulnerabilities
Horizon QCMS File Disclosure and SQL Injection Vulnerabilities
UAEPD Shopping Cart Script Multiple SQL Injection Vulnerabilities
CUBIC CMS Multiple Vulnerabilities
AuctionWebScript Lowest Unique Bid Auction "id" SQL Injection Vulnerability
AuctionWebScript Ebay Clone "id" SQL Injection Vulnerability
AuctionWebScript Penny Auction "id" SQL Injection Vulnerability
WordPress FormCraft Plugin "id" SQL Injection Vulnerability
Testa OTMS "test_id" SQL Injection Vulnerability
ViciDial Asterisk GUI Client SQL Injection and Arbitrary Command Execution Vulnerability
Dolibarr "sondage" SQL Injection Vulnerability
Bilboplanet Cross-Site Scripting and SQL Injection Vulnerabilities
Aanval SAS Cross-Site Scripting and SQL Injection Vulnerabilities
Posnic Stock Management System Cross-Site Scripting and SQL Injection Vulnerabilities
Flo CMS "archivem" SQL Injection Vulnerability
myBusinessAdmin "id" SQL Injection Vulnerability
DotNetNuke DNNArticle Module "categoryid" SQL Injection Vulnerability
Quack Chat Cross-Site Scripting and Script Insertion Vulnerabilities
Joomla! redSHOP Component "pid" SQL Injection Vulnerability
MLM Auction "id" SQL Injection Vulnerability
Cotonti "c" SQL Injection Vulnerability
2daybiz Multi Level Marketing Software Cross-Site Scripting and SQL Injection Vulnerabilities
Saurus CMS Multiple Vulnerabilities
McAfee ePolicy Orchestrator Multiple Cross-Site Scripting Vulnerabilities
ivote "id" SQL Injection Vulnerability
Top Games Script "gid" SQL Injection Vulnerability
ClientExec Security Issue and Multiple Vulnerabilities
Fobuc Guestbook "category" SQL Injection Vulnerability
Matterdaddy Market Cross-Site Scripting and SQL Injection Vulnerabilities
WordPress Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
Ajax Availability Calendar Multiple Vulnerabilities
Joomla! DJ-Classifieds Component "se_regs[]" SQL Injection Vulnerability
EasyWebScripts Craigslist Clone "catid" SQL Injection Vulnerability
b2evolution "show_statuses[]" SQL Injection Vulnerability
phpVMS PopUpNews Module SQL Injection Vulnerability
rebus:list "list_id" SQL Injection Vulnerability
daloRADIUS Multiple Vulnerabilities
Joomla! RSFiles! Component "cid" SQL Injection Vulnerability
Nconf Path Disclosure Weakness and Cross-Site Scripting Vulnerability
PHP-Fusion Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
EasyWebScripts eBay Clone Script Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Scripts Genie Domain Trader "id" SQL Injection Vulnerability
Gallery Personals "L" SQL Injection Vulnerability
Games Site Script "id" SQL Injection Vulnerability
OpenEMR Multiple Vulnerabilities
AdaptCMS Multiple Vulnerabilities
ImageCMS "q" SQL Injection Vulnerability
WordPress WP Symposium Plugin Multiple SQL Injection Vulnerabilities
Classified Ultra "cname" Cross-Site Scripting and "c" SQL Injection Vulnerabilities
Website Baker Concert Calendar Add-on Cross-Site Scripting and SQL Injection Vulnerabilities
WordPress Shopping Cart Plugin Multiple SQL Injection Vulnerabilities
MyBB HM_My Country Flags Plugin "cnam" SQL Injection Vulnerability
Guru Auction Two SQL Injection Vulnerabilities
Elite Bulletin Board Multiple SQL Injection Vulnerabilities
MyBB Transactions Plugin "transaction" SQL Injection Vulnerability
MyBB Profile Blogs Plugin Script Insertion and SQL Injection Vulnerabilities
MyBB Tips Of The Day Plugin Script Insertion and SQL Injection Vulnerabilities
Joomla! JooProperty Component Multiple Vulnerabilities
Newscoop "f_email" SQL Injection Vulnerability
Beat Websites "id" SQL Injection Vulnerability
Baby Gekko Multiple Cross-Site Scripting Vulnerabilities
MYRE Vacation Rental Software Cross-Site Scripting and SQL Injection Vulnerabilities
The FAQ Manager Two SQL Injection Vulnerabilities
netOffice Dwins Multiple SQL Injection Vulnerabilities
Intramaps Multiple Vulnerabilities
WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability
Joomla! Spider Catalog Component "product_id" SQL Injection Vulnerability
WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
Joomla! Commedia Component "id" SQL Injection Vulnerability
ManageEngine Security Manager Plus File Disclosure and SQL Injection Vulnerabilities
Cartweaver Local File Inclusion and SQL Injection Vulnerabilities
Campaign Enterprise "UID" SQL Injection Vulnerability
MyBB Profile Albums Plugin SQL Injection Vulnerability
airVision NVR "path" Arbitrary File Disclosure and "id" SQL Injection Vulnerabilities
WordPress Spider Calendar Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
TorrentTrader Cross-Site Scripting and SQL Injection Vulnerabilities
webERP Multiple Vulnerabilities
LuxCal Web Calendar "id" SQL Injection Vulnerability
TAGWORX.CMS "cid" SQL Injection Vulnerability
Auxilium PetRatePro Multiple Vulnerabilities
LimeSurvey Multiple Vulnerabilities
Joomla! Spider Calendar Lite Component "date" SQL Injection Vulnerability
WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities
Joomla! Komento Component RSS Feed "cid" SQL Injection Vulnerability
OrderSys Two Cross-Site Scripting Vulnerabilities
YourArcadeScript SQL Injection and Cross-Site Request Forgery Vulnerabilities
ManageEngine OpStor SQL Injection and Cross-Site Scripting Vulnerabilities
Flynax General Classifieds Multiple Cross-Site Scripting Vulnerabilities
Cyclope Employee Surveillance Solution Security Bypass and SQL Injection Vulnerabilities
Total Shop UK eCommerce URL SQL Injection Vulnerability
1024 CMS "id" and "p" SQL Injection Vulnerabilities
Joomla! En Masse Component "sortBy" SQL Injection Vulnerability
TCExam Cross-Site Scripting and SQL Injection Vulnerabilities
Joomla! Joomgalaxy Component "catid" SQL Injection Vulnerability
Limny "escape()" SQL Injection Vulnerability
Ushahidi Multiple Vulnerabilities
CuteFlow Multiple Vulnerabilities
Zabbix "itemid" SQL Injection Vulnerability
Spiceworks snmpd.conf Script Insertion Vulnerabilities
WordPress WP Symposium Plugin Multiple SQL Injection Vulnerabilities
WordPress Sendit Newsletter Plugin "id" SQL Injection Vulnerability
MGB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
GuestBook Script Multiple Cross-Site Scripting Vulnerabilities
MBB CMS Multiple Vulnerabilities
LIOOSYS CMS "id" SQL Injection Vulnerability
WordPress Website FAQ Plugin "category" SQL Injection Vulnerability
Last 100 CVEs   CVE-2018-7717
CVE-2018-17397
CVE-2018-17394
CVE-2018-17385
CVE-2018-17384
CVE-2018-17383
CVE-2018-17382
CVE-2018-17380
CVE-2018-17379
CVE-2018-17378
CVE-2018-17377
CVE-2018-17376
CVE-2018-17375
CVE-2017-9337
CVE-2017-9336
CVE-2017-8917
CVE-2017-6098
CVE-2017-6097
CVE-2017-6096
CVE-2017-6095
CVE-2017-2550
CVE-2017-2168
CVE-2017-18345
CVE-2017-17900
CVE-2017-17899
CVE-2017-17898
CVE-2017-17897
CVE-2017-15966
CVE-2017-15965
CVE-2017-1002022
CVE-2017-1002021
CVE-2017-1002020
CVE-2017-1002019
CVE-2017-1002018
CVE-2017-1002017
CVE-2016-8583
CVE-2016-8582
CVE-2016-8581
CVE-2016-8580
CVE-2016-6453
CVE-2016-5099
CVE-2016-5098
CVE-2016-5097
CVE-2016-4999
CVE-2016-3659
CVE-2016-3172
CVE-2016-1915
CVE-2016-1914
CVE-2016-1437
CVE-2016-10134
CVE-2016-1000271
CVE-2016-1000124
CVE-2016-0770
CVE-2016-0769
CVE-2016-0765
CVE-2015-8399
CVE-2015-8398
CVE-2015-8377
CVE-2015-8369
CVE-2015-7899
CVE-2015-7859
CVE-2015-7858
CVE-2015-7857
CVE-2015-7683
CVE-2015-7682
CVE-2015-7670
CVE-2015-7669
CVE-2015-7668
CVE-2015-7667
CVE-2015-7666
CVE-2015-7527
CVE-2015-7517
CVE-2015-7391
CVE-2015-7390
CVE-2015-7377
CVE-2015-7357
CVE-2015-7319
CVE-2015-7297
CVE-2015-6345
CVE-2015-6329
CVE-2015-6238
CVE-2015-5472
CVE-2015-5471
CVE-2015-5469
CVE-2015-5461
CVE-2015-4454
CVE-2015-4342
CVE-2015-4208
CVE-2015-4188
CVE-2015-4109
CVE-2015-4075
CVE-2015-4074
CVE-2015-4073
CVE-2015-4072
CVE-2015-4071
CVE-2015-3325
CVE-2015-3313
CVE-2015-3173
CVE-2015-2803
CVE-2015-2665


 
 
 
 
Risk level   Moderate