Lucene search
K

1965 matches found

Cvelist
Cvelist
added 2026/03/12 3:36 p.m.26 views

CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

8.8CVSS0.00512EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.1 views

CVE-2019-25514

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

8.8CVSS5.9AI score0.00512EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/12 3:36 p.m.35 views

CVE-2019-25514

CVE-2019-25514 concerns the Jettweb PHP Hazir Haber Sitesi Scripti V3, which contains an SQL injection vulnerability exposed via the POST parameter kelime . The connected ENISA/EUVD entry confirms that attackers can inject SQL payloads through the kelime parameter (e.g., UNION-based injections) t...

9.8CVSS5.9AI score0.00512EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.22 views

CVE-2019-25509 XooDigital Lastest Latest SQL Injection via results.php

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...

8.8CVSS0.00306EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.7 views

CVE-2019-25482

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00367EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25481 iScripts ReserveLogic Lastest SQL Injection via search endpoint

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...

8.8CVSS6AI score0.00318EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.25 views

CVE-2019-25481 iScripts ReserveLogic Lastest SQL Injection via search endpoint

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...

8.8CVSS0.00318EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25479

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...

8.8CVSS5.9AI score0.00377EPSS
Exploits0References2
CVE
CVE
added 2026/03/12 3:36 p.m.11 views

CVE-2019-25479

Inout RealEstate contains an SQL injection vulnerability exploitable by unauthenticated attackers via the city parameter in a POST to agents/agentlistdetails. The issue allows manipulation of database queries and extraction of sensitive data, with the vulnerability assessed as high (CVSS 3.1: 8.2...

8.8CVSS5.9AI score0.00377EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.25 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/12 2:38 a.m.161 views

Exploit for SQL Injection in Vishalmathur Cloudclassroom-Php-Project

CVE-2026-2058-PoC – CloudClassroom PHP Project SQL Injection...

9.8CVSS6AI score0.00468EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2026/03/12 2:22 a.m.3 views

CVE-2026-3657

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenucontactleadform AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...

7.5CVSS5.8AI score0.00338EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24963

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly expense overview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.8 views

PT-2026-24964

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...

8.8CVSS5.9AI score0.00377EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24990

uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system page GET parameter. Attackers can send crafted requests to index.php with malicious system page values using time-based blind...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-24966

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac kategori id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00367EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24983

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to cat.php with malicious cat id values to bypass authentication, extract sensitive...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

Xooscripts XooDigital SQL注入漏洞

Xooscripts XooDigital is a software developed by the Xooscripts company. Xooscripts XooDigital has a SQL injection vulnerability; this vulnerability stems from the p parameter being susceptible to SQL injections, which may allow unauthenticated attackers to manipulate database queries and extract...

8.8CVSS5.8AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24972

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...

8.8CVSS5.9AI score0.00331EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

Xooscripts XooGallery SQL注入漏洞

Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability. This vulnerability stems from the photoid parameter, which allows for SQL injections. It may allow unauthorized attackers to extract sensitive data...

9.1CVSS5.8AI score0.00358EPSS
Exploits1References2
Rows per page
Query Builder