CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

CVE-2021-25784

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...

CVE-2021-24360

The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks...

CVE-2021-44915

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category...

CVE-2021-25783

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search...

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...

CVE-2020-20585

A blind SQL injection in /admin/?n=logs=index=dode of Metinfo 7.0 beta allows attackers to access sensitive database information...

CVE-2020-26248

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...

CVE-2020-15792

A vulnerability has been identified in Desigo Insight All versions. The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...

CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...

CVE-2020-10218

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function...

CVE-2020-14982

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...

CVE-2020-25362

The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...

CVE-2020-23630

A blind SQL injection vulnerability exists in zzcms ver201910 based on time cookie injection...

CVE-2020-21725

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

CVE-2017-1002015

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via selectMulGallery parameter...

CVE-2019-3577

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id0 parameter to the /product URI...

CVE-2018-1000890

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application...

CVE-2019-10852

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers=startpulling= substring...

CVE-2018-20770

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection...