PT-2022-17765 · Unknown · Simple Subscription Website
Name of the Vulnerable Software and Affected Versions: Simple Subscription Website version 1.0 Description: The issue allows attackers to dump the application's database via crafted HTTP requests. This is made possible by a SQL injection vulnerability via the id parameter in the "view plan"...
Simple Subscription Website SQL Injection Vulnerability
Simple Subscription Website is an open source, web-based subscription application from the individual developer Carlo Montero. It lets a company's prospective members apply for plans that offer certain services. Simple Subscription Website is vulnerable to SQL injection, which can b...
CVE-2021-41652
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allow attackers to dump the entire database...
Code injection
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allow attackers to dump the entire database...
CVE-2021-41652
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allow attackers to dump the entire database...
BatFlat CMS Security Vulnerability
Batflat CMS is an open source application by Paweł Klockiewicz. It provides CMS website functionality. A security vulnerability exists in BatFlat CMS that allows an attacker to dump an entire database...
Online Resort Management System 1.0 - SQL injection (Authenticated) Vulnerability
Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and Windows both Summary: There are vulnerabilities in Online Resort Management System ORMS 1. The attacker can easily retrieve th...
CVE-2021-36722
CVE-2021-36722 affects Emuse - eServices / eNvoice, where an SQL injection vulnerability arises from insufficient input validation. The flaw can enable attackers to bypass login authentication, dump the entire database, or potentially achieve full remote code execution on affected endpoints. The ...
Bus Pass Management System 1.0 - (Search) SQL injection Vulnerability
Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS Monterey Version 12.0.1 SQL...
Church Management System 1.0 - search SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Church Management System 1.0 - 'search' SQL Injection Unauthenticated Exploit Author: Erwin Krazek Nero Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated) Exploit
Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Date: 16/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...
Online Traffic Offense Management System 1.0 SQL Injection
Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
Sql injection
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...
CVE-2021-27999
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...
Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
CVE-2020-36112
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...
Sql injection
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...