CVE-2025-31966

CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...

CVE-2019-25506

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to...

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

CVE-2025-56700

Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low level priviliged user that has access to the platform, to execute arbitrary SQL commands via the datafine parameter...

EUVD-2025-34774

Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low level priviliged user that has access to the platform, to execute arbitrary SQL commands via the datafine parameter...

CVE-2025-56700

Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low level priviliged user that has access to the platform, to execute arbitrary SQL commands via the datafine parameter...

PT-2025-38619

Name of the Vulnerable Software and Affected Versions MapServer versions prior to 8.4.1 Description MapServer, a system for developing web-based GIS applications, contains a flaw in the XML Filter Query directive PropertyName. The PropertyName directive is susceptible to Boolean-based SQL injecti...

PT-2024-7538

Name of the Vulnerable Software and Affected Versions ZoneMinder versions 1.37. through 1.37.64 Description The issue is related to a boolean-based SQL injection vulnerability in the web/ajax/event.php function of ZoneMinder. This vulnerability arises from a lack of input validation for the tagId...

CVE-2021-35212

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user...

Zomato: [www.zomato.com] Boolean SQLi - /███████.php

@gerbenjavado found that the parameter brids which was a JSON array was vulnerable to boolean SQL injection. POC Requesting MID0x352e362e33332d6c6f67,1,1//LIKE//5 hex == @@version resulted in a 500 HTTP status and MID0x352e362e33332d6c6f67,1,1//LIKE//4 resulted in a 200 HTTP status. Showing that...