220 matches found
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Summary: Get a valid API token, make sure you can access API functions, then replace the string in my PoC code. Tested on the official OVA image; it's an old version, 23.9.1, but this vulnerability also exists on the latest version, 24.2.0. Details: in file apifunctions.php, line 307 for function listdevices php $orde...
LibreNMS vulnerable to SQL injection time-based leads to database extraction
Summary SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter. Details There is a lack of hygiene of data coming from the user in line 83 of the file...
GHSA-CWX6-CX7X-4Q34 LibreNMS vulnerable to SQL injection time-based leads to database extraction
Summary SQL injection vulnerability in POST /search/search=packages in LibreNMS 24.3.0 allows a user with global read privileges to execute SQL commands via the package parameter. Details There is a lack of hygiene of data coming from the user in line 83 of the file...
CVE-2023-6967 Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
Simple Task List 1.0 SQL Injection
Exploit Title: Simple Task List 1.0 - 'status' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/12/SimpleTaskListInPHPWithSourceCode.zip Version: 1.0...
Sql injection
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...
CVE-2024-1206 WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injection
The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-6981 WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'groupid' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2023-5465
The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-5437
The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-5436 Vertical marquee plugin <= 7.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
SQL Injection
librenms/librenms is vulnerable to SQL Injection. The vulnerability exists because the search query is not properly sanitized, which allows an attacker to extract the whole database...
Time-Based Blind SQL injection leads to database extraction
Proof of Concept: Log in to your account, then copy the cookie and paste it into the raw request below: POST /ajaxtable.php HTTP/1.1 Host: demo.librenms.org User-Agent: Mozilla/5.0 Windows NT 10.0; rv:78.0 Gecko/20100101 Firefox/78.0 Content-Length: 221 Accept: / Accept-Language: en-US,en;q=0.5 Content-Type:...
CVE-2023-3677 WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
PT-2023-23291 · WordPress · Mainwp Child
Name of the Vulnerable Software and Affected Versions: MainWP Child plugin for WordPress versions up to, and including, 4.4.1.1 Description: The issue allows unauthenticated attackers to extract sensitive data, including the entire installation's database, due to insufficient controls on the...
CVE-2023-2484
The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
CVE-2023-2607 Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection
The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
HikaShop Joomla Plugin, SQL Injection
anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database. "payment methods" restriction setting to custom fields of the "order" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted...
CVE-2022-3059 SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd
The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...