4695 matches found
CVE-2023-33280
In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...
CVE-2022-30493
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin accessprivilege escalation...
CVE-2022-36201
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...
CVE-2022-29686
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan...
CVE-2022-29688
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...
CVE-2022-29682
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del...
CVE-2022-29684
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...
CVE-2022-29683
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/pagedel...
CVE-2022-29685
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/levelsort...
CVE-2022-29661
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CVE-2022-29305
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
CVE-2022-28105
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/viewfacility.php...
CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...
CVE-2022-24226
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php...
CVE-2021-43969
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
CVE-2021-43789
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...
CVE-2021-38393
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query....
CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A...
CVE-2021-24345
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the idlista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection...
CVE-2021-3860
JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...