358 matches found
CVE-2019-25543 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...
CVE-2019-25527
CVE-2019-25527 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the numguest parameter, exploitable by sending crafted POST requests to the /search/searchdetailed endpoint. It is described as allowing unauthenticated attackers to manipulate queries, potentia...
CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...
CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...
CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...
CVE-2019-25523
XooGallery Latest contains an SQL injection vulnerability in cat.php via the cat_id parameter, allowing unauthenticated attackers to bypass authentication and potentially extract or modify data. The issue is described with CVSS 3.1/4.0 high-severity metrics (network, low complexity, no user inter...
CVE-2019-25522
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25521
CVE-2019-25521 affects XooGallery Latest. The issue is an SQL injection in the gal_id parameter passed to gal.php, allowing unauthenticated attackers to manipulate database queries, extract sensitive information, or modify data. CVSS 3.1: 8.2 (High) with network access, no user interaction requir...
PT-2026-24978
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...
PT-2026-24982
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo id parameter. Attackers can send GET requests to photo.php with malicious photo id values to extract sensitive data, bypass...
PT-2026-24983
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to cat.php with malicious cat id values to bypass authentication, extract sensitive...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25499
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jobid parameter. Attackers can send POST requests to getjobapplicationsajax.php with malicious jobid values to bypass authentication,...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501 Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25501
Summary: CVE-2019-25501 affects the Simple Job Script web application. The vulnerability resides in the server-side code handling the app_id parameter in the delete_application_ajax.php endpoint, enabling SQL injection to manipulate database queries. Public references indicate attackers can craft...
CVE-2019-25500
Simple Job Script is affected by an SQL injection in the employerid parameter of the register-recruiters endpoint. Attackers can send unauthenticated POST requests to manipulate queries, potentially exposing sensitive data (C: HIGH) and altering data (I: LOW). Affected vector is network with low ...
CVE-2019-25499
CVE-2019-25499 affects the Simple Job Script and allows unauthenticated SQL injection via the job_id parameter in get_job_applications_ajax.php. The vulnerability enables manipulation of database queries, potentially bypassing authentication and exposing or altering data. CVSS metrics indicate hi...