CVE-2018-25379

CVE-2018-25379 affects Collectric CMU 1.0 and describes a boolean-based blind SQL injection in the login flow through the lang parameter. The vulnerability allows unauthenticated attackers to influence database queries during authentication, enabling extraction of sensitive data via time-based bl...

CVE-2018-25371

The CVE-2018-25371 entry concerns mooSocial Store Plugin 2.6 with a blind SQL injection in the product parameter of the URL rewrite functionality. The vulnerability allows unauthenticated attackers to manipulate queries, enabling boolean-based blind, time-based blind, or stacked query techniques ...

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

CVE-2026-32954

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...

EUVD-2018-21679

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

EUVD-2018-21657

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...

EUVD-2018-21663

SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...

CVE-2018-25210

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

CVE-2018-25201

School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...

CVE-2018-25183

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

CVE-2018-25203

Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...

CVE-2018-25204 Library CMS 1.0 SQL Injection via admin login

Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username...

CVE-2018-25202

SAT CFDI 3.3 is affected by an SQL injection in the signIn endpoint via the id parameter. The vulnerability allows attackers to manipulate queries using boolean-based blind, stacked, or time-based blind payloads to extract data or compromise the application. Public metrics indicate high severity ...

CVE-2018-25201 School Management System CMS 1.0 Admin Login SQL Injection

School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...

CVE-2018-25185

CVE-2018-25185 affects Wecodex Restaurant CMS 1.0. The vulnerability is an SQL injection in the login endpoint where an unauthenticated attacker can inject SQL via the username parameter to manipulate database queries. Exploitation methods described include boolean-based blind or time-based blind...

CVE-2018-25185

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...

CVE-2018-25183 Shipping System CMS 1.0 SQL Injection via admin login

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

CVE-2018-25183

Shipping System CMS 1.0 contains an SQL injection vulnerability affecting the admin login flow. An unauthenticated attacker can bypass authentication by injecting SQL via the username parameter and using boolean-based blind payloads in POST requests to the admin login endpoint to authenticate wit...

CVE-2018-25183 Shipping System CMS 1.0 SQL Injection via admin login

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...