Lucene search
+L

70 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.8 views

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.22 views

CVE-2018-25204 Library CMS 1.0 SQL Injection via admin login

Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username...

8.8CVSS0.00541EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25203

Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...

8.8CVSS6AI score0.00334EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/26 11:39 a.m.14 views

CVE-2018-25202

SAT CFDI 3.3 is affected by an SQL injection in the signIn endpoint via the id parameter. The vulnerability allows attackers to manipulate queries using boolean-based blind, stacked, or time-based blind payloads to extract data or compromise the application. Public metrics indicate high severity ...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.23 views

CVE-2018-25201 School Management System CMS 1.0 Admin Login SQL Injection

School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...

7.1CVSS0.00498EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25185

Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...

8.8CVSS6AI score0.00468EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/26 11:39 a.m.9 views

CVE-2018-25185

CVE-2018-25185 affects Wecodex Restaurant CMS 1.0. An SQL injection via the username parameter in the login endpoint permits unauthenticated attackers to manipulate queries and extract data using boolean-based or time-based blind techniques. Public references describe the vulnerability and show a...

9.8CVSS6AI score0.00468EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.21 views

CVE-2018-25183 Shipping System CMS 1.0 SQL Injection via admin login

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

8.8CVSS0.0052EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25183 Shipping System CMS 1.0 SQL Injection via admin login

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

8.8CVSS6AI score0.0052EPSS
Exploits1References3
CVE
CVE
added 2026/03/26 11:39 a.m.18 views

CVE-2018-25183

The data shows a concrete vulnerability in Shipping System CMS 1.0: an SQL injection that allows unauthenticated attackers to bypass login by injecting SQL via the username field in the admin login endpoint. Attack payloads are described as boolean-based blind techniques in POST requests to authe...

9.8CVSS6AI score0.0052EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.10 views

PT-2026-28242

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

8.8CVSS6AI score0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28240

Name of the Vulnerable Software and Affected Versions Online Store System CMS version 1.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries. This is achieved by sending POST requests to the 'index.php' endpoint with the action parameter set to...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/25 4:4 p.m.32 views

CVE-2024-58341 OpenCart Core 4.0.2.3 SQL Injection via search Parameter

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitiv...

8.8CVSS0.00338EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Frappe SQL注入漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 16.8.0 and 15.100.0 have a SQL injection vulnerability. This vulnerability stems from insufficient parameter validation, which ma...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References3
NVD
NVD
added 2026/03/12 4:16 p.m.7 views

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/12 3:37 p.m.4 views

CVE-2019-25529 Placeto CMS Alpha rv.4 SQL Injection via page Parameter

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS5.9AI score0.00284EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/04 5:15 p.m.33 views

CVE-2019-25506 FreeSMS 2.1.2 Authentication Bypass via SQL Injection

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to...

8.8CVSS0.00453EPSS
Exploits1References2
NVD
NVD
added 2026/03/03 6:16 p.m.11 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2CVSS0.00235EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.6 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2CVSS6AI score0.00235EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.12 views

PT-2026-22759

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

6AI score0.00235EPSS
Exploits0References4
Rows per page
Query Builder