4697 matches found
CVE-2024-25893
The CVE-2024-25893 entry concerns ChurchCRM 5.5.0, where FRCertificates.php is vulnerable to a Blind SQL Injection (time-based) through the CurrentFundraiser GET parameter. Red Hat, NVD, OSV, and other connected records consistently describe this same issue in ChurchCRM 5.5.0, indicating the unde...
CVE-2024-25894
CVE-2024-25894 affects ChurchCRM 5.5.0, specifically EventEditor.php, where a time-based blind SQL injection via the EventCount POST parameter is reported. Affected item: ChurchCRM 5.5.0 /EventEditor.php; vulnerability class: Blind SQL Injection (Time-based). Underlying cause and impact are state...
CVE-2024-25894
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
CVE-2024-25897
CVE-2024-25897 affects ChurchCRM 5.5.0, specifically the FRCatalog.php endpoint where a time-based blind SQL injection is exploitable via the CurrentFundraiser GET parameter. Attack surface: web/API call to FRCatalog.php with CurrentFundraiser values can yield high-impact exposure (as reflected i...
CVE-2024-25892
ChurchCRM 5.5.0 is affected by a Blind SQL Injection (time-based) in ConfirmReport.php, exploitable via the familyId GET parameter. The CVE indicates a high-severity issue with impact on confidentiality, integrity, and availability, and a network attack vector with no user interaction required. R...
JFrog Artifactory < 7.25.4 - Blind SQL Injection Exploit
Exploit Title: artifactory low-privileged blind sql injection Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
JFrog Artifactory < 7.25.4 - Blind SQL Injection
Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
JFrog Artifactory SQL Injection
Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
Sql injection
Blind SQL Injection vulnerability in CU Solutions Group CUSG Content Management System CMS before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component...
Amazon Linux AMI : cacti (ALAS-2024-1915)
The version of cacti installed on the remote host is prior to 1.1.19-6.24. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1915 advisory. Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerabili...
Important: cacti
Issue Overview: Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the "Settings/Utilities" permission can se...
CVE-2023-50030
In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...
CVE-2023-50030
In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...
CVE-2023-50030
In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...
CVE-2021-24151
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
CVE-2021-24151
Summary of CVE-2021-24151 : The WP Editor WordPress plugin (versions before 1.2.7) contains an authenticated (admin+) blind SQL injection vulnerability in its settings save path caused by failure to sanitize/validate setting fields. This allows an arbitrary parameter to influence the SQL query du...
PT-2024-10887 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: WP Editor WordPress plugin version 1.2.6 and earlier Description: The issue is related to an authenticated blind SQL injection problem. It occurs because the plugin does not properly sanitise or validate its setting fields, allowing an...
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
Sql injection
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
DEBIAN-CVE-2023-51448
Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file ‘managers.php’. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...