70 matches found
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
Sql injection
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
CVE-2021-35487
Summary : CVE-2021-35487 affects Nokia Broadcast Message Center up to version 11.1.0. An authenticated user can perform a Boolean Blind SQL Injection on the /owui/block/send-receive-updates endpoint via the extIdentifier HTTP POST parameter, enabling retrieval of the database user, database name,...
CVE-2021-41609
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...
Mirage – Fancy Clone - SQL Injection
Mirage – Fancy Clone - SQL Injection Mirage – Fancy Clone, the presence of the parameter filter is not strict, leading to a sql injection vulnerability, if the other server is turned on the error display, can directly use, if you turn off the error display, you can use the time-based and Boolean...
Joomla! Component Simple Membership 3.3.3 - 'userId' Parameter SQL Injection
Joomla! Component Simple Membership 3.3.3 - the 'userId' Parameter SQL Injection Joomla! Component Simple Membership 3.3.3, the presence of the parameter filter is not strict, leading to a sql injection vulnerability, if the other server is turned on the error display, can directly use, if you tu...
Zigaform - SQL injection vulnerability
Zigaform the modelforms. in php form parameters into SQL statements cause SQL injection Injection point: http://localhost/PATH/formbuilder/frontend/viewform/? form=SQL payload: AND SELECT 2120 FROMSELECT COUNT,CONCAT0x716a7a6271,SELECT ELT2120=2120,1,0x7171767071,FLOORRAND02,md5233x FROM...
HotelCMS with Booking Engine - SQL injection vulnerability
http://localhost/PATH/locale? locale=SQL the locale parameter there is sql injection Wherein the error injection as follows: payload: http://localhost/PATH/locale? locale=1' AND SELECT 3507 FROMSELECT COUNT,CONCATFLOORRAND02,md5233x FROM INFORMATIONSCHEMA. The PLUGINS GROUP BY xa-- Lilt Test...
LocalTapiola: SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi)
Basic report information Summary: Hi, The ctxvarsemail parameter in http://viestinta.lahitapiola.fi/webApp/lapsuudenturva, can be exploited to perform an SQL Injection Attack. The parameter is ctxvarsemail Description: The value inside the ctx tag , doesn't properly sanitized to user input, it ca...
PHPBack 1.3.0 - SQL Injection
/ + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt Vendor: ================ www.phpback.org Product: ================ PHPBack v1.3.0 Vulnerability Type: =================== SQL Injection CVE Reference:...