SEO Control Panel 3.6.0 - (Authenticated) SQL Injection

Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Seo Panel Version 3.6.0 Tested on: Ka...

WordPress Huge IT Image Gallery Plugin 1.0.1 - Authenticated SQL Injection

An authenticated SQL injection allows an attacker to bypass a web application’s authentication mechanism and retrieve the contents of database. Solution Upgrade the plugin...

BSK PDF Manager < 1.5 - Multiple Authenticated SQL Injections

The plugin did not use prepared statement with the categoryid and pdfid parameter when viewing the /wp-admin/admin.php?page=bsk-pdf-manager and /wp-admin/admin.php?page=bsk-pdf-manager-pdfs page leading to Authenticated SQL Injection issues PoC...

PT-2014-5659 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the entity parameter in an update action to "user/fiche.php" or the sortorder parameter to...

Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)

The following request is vulnerable to a SQL injection attack from authenticated users. GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?datefrom=2014-02-28&dateto=2014-03-30 HTTP/1.1 Host: 172.31.16.150 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101...