4695 matches found
CVE-2024-6919
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024...
CVE-2024-25897
ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25896
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...
CVE-2024-25892
ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection Time-based via the familyId GET parameter...
CVE-2024-25894
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EventCount POST parameter...
CVE-2024-37765
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page...
CVE-2024-56801
Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability...
CVE-2024-4890
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2023-22378
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
CVE-2023-50030
In the module "Jms Setting" jmssetting from Joommasters for PrestaShop, a guest can perform SQL injection in versions = 1.1.0. The method JmsSetting::getSecondImgs has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection...
CVE-2023-33279
In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...
CVE-2023-3197
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
CVE-2023-23315
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method stripejsValidationModuleFrontController::initContent has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-0765
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2023-42283
Blind SQL injection in apiid parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...
CVE-2023-42284
Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...