1916 matches found

CNNVD
added 2026/05/29 12:0 a.m. | 6 views

Sitejo HaPe PKH SQL injection vulnerability

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the namakelompok POST parameter, which may allow...

8.8 CVSS | 5.9 AI score | 0.00334 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/05/29 12:0 a.m. | 7 views

Sitejo HaPe PKH SQL injection vulnerability

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the id parameter, which may allow attackers to manipulate...

8.8 CVSS | 5.9 AI score | 0.00334 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/05/29 12:0 a.m. | 8 views

Kados R10 GreenBee SQL injection vulnerability

Kados R10 GreenBee is a web-based project management and collaboration tool developed by Kados OpenSource. Kados R10 GreenBee has a SQL injection vulnerability. This vulnerability arises from the fact that the featureid parameter in boardsbuttons/updatefeature.php is not cleaned properly, resulti...

8.8 CVSS | 6.1 AI score | 0.00334 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/05/29 12:0 a.m. | 5 views

Open ISES Project SQL injection vulnerability

The Open ISES Project is an open-source information technology platform for emergency service organizations, developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the frmpasswd...

8.8 CVSS | 6.1 AI score | 0.00334 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/05/29 12:0 a.m. | 6 views

Open ISES Project SQL injection vulnerability

The Open ISES Project is an open-source information technology platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ticklat and tickln...

8.8 CVSS | 6.1 AI score | 0.00334 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/29 12:0 a.m. | 7 views

PT-2026-44868

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and...

8.8 CVSS | 5.9 AI score | 0.00334 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/29 12:0 a.m. | 12 views

PT-2026-44922

Name of the Vulnerable Software and Affected Versions: agno version 2.6.5. Description: A SQL injection issue exists in the ClickHouse vector database backend. Attackers can inject arbitrary SQL expressions by providing malicious metadata keys and values to the delete by metadata function. This is...

8.7 CVSS | 6 AI score | 0.00309 EPSS
Exploits: 0 | References: 8

ATTACKERKB
added 2026/05/28 7:43 a.m. | 8 views

CVE-2026-7048

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5 CVSS | 5.9 AI score | 0.00343 EPSS
Exploits: 0 | References: 11

ATTACKERKB
added 2026/05/28 6:45 a.m. | 6 views

CVE-2026-7797

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

7.5 CVSS | 5.8 AI score | 0.00398 EPSS
Exploits: 0 | References: 12

Exploit DB
added 2026/05/27 12:0 a.m. | 44 views

OpenCATS 0.9.7.4 - SQL Injection

Exploit Title: OpenCATS 0.9.7.4 - SQL Injection | Exploit Author: Gabriel Rodrigues TEXUGO from HAKAI | Vendor Homepage: https://www.opencats.org | Software Link: https://github.com/opencats/OpenCATS | Version: ...

5.8 AI score
Exploits: 0

CVE
added 2026/05/25 2:15 p.m. | 12 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8 CVSS | 6.2 AI score | 0.00337 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/25 2:15 p.m. | 4 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8 CVSS | 6.2 AI score | 0.00337 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/25 2:15 p.m. | 6 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8 CVSS | 5.9 AI score | 0.00309 EPSS
Exploits: 0 | References: 3

NVD
added 2026/05/23 7:16 p.m. | 7 views

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

8.8 CVSS | 0.0043 EPSS
Exploits: 0 | References: 4

CVE
added 2026/05/23 6:30 p.m. | 9 views

CVE-2018-25348

CVE-2018-25348 concerns the Joomla! extension Ek Rishta 2.10, where an SQL injection vulnerability exists in the user_detail view through the cid parameter. Unauthenticated attackers can manipulate database queries by supplying malicious cid values, enabling extraction of sensitive information. ...

8.8 CVSS | 5.9 AI score | 0.0043 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/05/23 6:30 p.m. | 10 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8 CVSS | 0.0043 EPSS
Exploits: 0 | References: 4

CVE
added 2026/05/23 6:30 p.m. | 20 views

CVE-2018-25341

CVE-2018-25341 concerns Smartshop 1 with a SQL injection vulnerability in product.php id parameter. The issue allows unauthenticated attackers to perform union-based SQL injection to extract database information, including usernames and database names. Connected sources confirm the vulnerability ...

8.8 CVSS | 6.1 AI score | 0.0043 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/05/23 6:30 p.m. | 10 views

CVE-2018-25340 Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8 CVSS | 0.0043 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/23 6:30 p.m. | 4 views

CVE-2018-25340

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8 CVSS | 6.1 AI score | 0.0043 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/05/23 6:30 p.m. | 6 views

CVE-2018-25340 Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8 CVSS | 6.1 AI score | 0.0043 EPSS
Exploits: 0 | References: 4