Lucene search

933 matches found

Prion
added 2022/07/18 1:15 p.m. | 12 views

SQL injection

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based...

5.5 CVSS | 7 AI score | 0.02623 EPSS
Exploits 2 | References 2 | Affected Software 1
Cvelist
added 2022/07/18 12:34 p.m. | 14 views

CVE-2022-24691

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based...

7.3 AI score | 0.00752 EPSS
Exploits 1 | References 2
Packet Storm
added 2022/07/18 12:0 a.m. | 212 views

Orange Station 1.0 SQL Injection

Title: Orange Station 1.0 SQLi Author: nu11secur1ty Date: 0.16.2022 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Reference:...

7.4 AI score
Exploits 0
CNNVD
added 2022/07/18 12:0 a.m. | 4 views

DSK DSKNet SQL Injection Vulnerability

DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. A security vulnerability exists in DSK DSKNet versions 2.16.136.0 and 2.17.136.5, which stems from a SQL injection vulnerability that allo...

7.1 CVSS | 6.8 AI score | 0.00752 EPSS
Exploits 1 | References 3
Code423n4
added 2022/07/08 12:0 a.m. | 8 views

Failed transfer during migrate could lockup the fund in old terminal

Lines of code Vulnerability details Without require for boolean checking, if to.addToBalanceOfvalue: payableValueprojectId, balance, token, '', bytes''; fail when transfer, migrate will not revert. This could cause the fund to lockup in the old terminal since store.recordMigrationprojectId; will...

6.8 AI score
Exploits 0
0day.today
added 2022/06/17 12:0 a.m. | 242 views

Warehouse Management System 2022 Multiple SQL injection Vulnerabilities

Title: Warehouse Management System 2022 ML-SQLi Author: nu11secur1ty Date: 06.13.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php-codeigniter-warehouse-management-system-free-source-code Reference:...

0.4 AI score
Exploits 0
0day.today
added 2022/06/14 12:0 a.m. | 168 views

ChurchCRM 4.4.5 - SQL injection Vulnerability

Exploit Title: ChurchCRM 4.4.5 - SQLi Exploit Author: nu11secur1ty Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via...

7.2 CVSS | 0.2 AI score | 0.04853 EPSS
Exploits 5
NVD
added 2022/05/25 2:15 p.m. | 13 views

CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

6.5 CVSS | 0.00959 EPSS
Exploits 1 | References 2
Prion
added 2022/05/25 2:15 p.m. | 17 views

SQL injection

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

4 CVSS | 6.8 AI score | 0.00959 EPSS
Exploits 1 | References 2 | Affected Software 1
CVE
added 2022/05/25 1:41 p.m. | 71 views

CVE-2021-35487

Summary : CVE-2021-35487 affects Nokia Broadcast Message Center up to version 11.1.0. An authenticated user can perform a Boolean Blind SQL Injection on the /owui/block/send-receive-updates endpoint via the extIdentifier HTTP POST parameter, enabling retrieval of the database user, database name,...

6.5 CVSS | 6.7 AI score | 0.00959 EPSS
Exploits 1 | References 2 | Affected Software 1
Code423n4
added 2022/05/08 12:0 a.m. | 19 views

Not all ERC20 tokens return boolean on transfer

Lines of code Vulnerability details Impact Some ERC20 tokens do not conform to the standard of returning a boolean when transfer is called. If one of these tokens is included as a reward token, the withdraw function will be irrevocably broken, and users won't be able to collect their reward or...

6.8 AI score
Exploits 0
Code423n4
added 2022/04/22 12:0 a.m. | 5 views

transfer or transferFrom without checking the boolean result

It was found some transfer, approve or transferFrom without checking the boolean result, ERC20 standard specify that the token can return false if this call was not made, so it's mandatory to check the result of approve methods. CoreCollection.solL175 ERC721Payable.solL54 --- The text was updated...

6.9 AI score
Exploits 0
Packet Storm
added 2022/04/19 12:0 a.m. | 979 views

Responsive Online Blog 1.0 SQL Injection

Exploit Title: Responsive Online Blog 1.0 - Blind Boolean-based SQLi Date: 2022-04-16 Exploit Author: Gideon Kamioka @w1ezl Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html Software Link:...

7.4 AI score
Exploits 0
Packet Storm
added 2022/04/12 12:0 a.m. | 305 views

Explore CMS 1.0 SQL Injection

Exploit Title: explore CMS - Boolean Based SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: On Request POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the...

0.1 AI score
Exploits 0
Packet Storm
added 2022/04/07 12:0 a.m. | 238 views

KLiK Social Media Website 1.0 SQL Injection

Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi Date: April 1st, 2022 Exploit Author: corpse Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite Version: 1.0 Tested on: Debian 11 Parameter: poll G...

0.1 AI score
Exploits 0
Hacker One
added 2022/03/31 6:27 p.m. | 131 views

IBM: SQL injection in URL path processing on www.ibm.com

A blind SQL injection in URL path processing on www.ibm.com was reported to IBM, analyzed and has been remediated. Thank you to @asterite. Blind SQL injection was present in URL path processing on www.ibm.com. An interesting thing is that the vulnerability was present in, essentially, any path, o...

1 AI score
Exploits 0
CNVD
added 2022/03/31 12:0 a.m. | 15 views

ClassApps SelectSurvey.NET SQL Injection Vulnerability

Net is a survey software from ClassApps, Inc. built using Microsoft's cutting-edge . A SQL injection vulnerability exists in the ID parameter of the UploadedImageDisplay.aspx endpoint, which can be exploited by an unauthenticated attacker to retrieve data from the application's back-end database...

7.5 CVSS | 10 AI score | 0.02105 EPSS
Exploits 1 | Affected Software 1
NVD
added 2022/03/29 4:15 p.m. | 12 views

CVE-2021-43701

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/articledb, via the fieldS and orderby parameters...

6.5 CVSS | 0.03345 EPSS
Exploits 4 | References 3
Prion
added 2022/03/29 4:15 p.m. | 12 views

SQL injection

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/articledb, via the fieldS and orderby parameters...

4 CVSS | 6.9 AI score | 0.03345 EPSS
Exploits 4 | References 3 | Affected Software 1
0day.today
added 2022/03/29 12:0 a.m. | 222 views

Covid-19 Directory On Vaccination System 1.0 SQL Injection Vulnerability

Title: Covid-19 Directory on Vaccination System 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html Software:...

0.5 AI score
Exploits 0