Lucene search
K

601 matches found

Gitee
Gitee
added 2025/09/14 2:44 p.m.78 views

msdat

This is an offensive tool for Microsoft SQL Server MSSQL database exploitation. The tool is called "MSDAT" and is designed to perform various attacks on MSSQL databases, including reading and writing files, executing system commands, and more. The tool uses a variety of techniques, including OLE...

7.4AI score
Exploits0
CNVD
CNVD
added 2025/07/11 12:0 a.m.5 views

Endress+Hauser MEAC300-FNADE4 SQL Injection Vulnerability

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker...

8.6CVSS7.6AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2025/07/07 4:47 p.m.6 views

CVE-2025-53527 WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatoriogeracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or...

8.3CVSS7.8AI score0.00408EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/07/07 4:47 p.m.3 views

CVE-2025-53527 WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatoriogeracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or...

8.3CVSS8.1AI score0.00408EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/06 6:42 a.m.8 views

CVE-2025-5563 WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection

The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS7.5AI score0.00295EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.9 views

CVE-2024-24014

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list...

9.8CVSS9.7AI score0.00622EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.5 views

CVE-2024-29390

Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done...

7.3CVSS8.6AI score0.0037EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 p.m.8 views

CVE-2020-25990

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...

9.8CVSS8.2AI score0.01668EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.5 views

CVE-2019-19732

translationmanagetext.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir0 and/or sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from th...

7.2CVSS6.8AI score0.01089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/25 4:17 p.m.7 views

CVE-2025-31343

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.8CVSS7.8AI score0.00732EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/23 3:33 p.m.10 views

CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...

9.3CVSS8AI score0.79487EPSS
Exploits1References3
CNVD
CNVD
added 2025/04/14 12:0 a.m.30 views

Command Execution Vulnerability in e-cology of Shanghai Panmicro Network Technology Co. Ltd (CNVD-2025-07886)

e-cology is an enterprise-level collaborative office automation system that provides comprehensive informatization solutions mainly for medium and large enterprises. It is characterized by intelligence, platform and full digitalization, aiming to improve the efficiency and management level of the...

8.4AI score
Exploits0
NVD
NVD
added 2025/03/28 9:15 p.m.22 views

CVE-2025-22953

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting...

9.8CVSS0.0158EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/14 7:23 a.m.14 views

CVE-2024-13321 AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'customsql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handlegetstats function. This makes it possible for unauthenticated attackers to append additional SQL...

7.5CVSS0.00436EPSS
Exploits0References2
CVE
CVE
added 2025/03/08 9:22 a.m.101 views

CVE-2025-1323

The WP-Recall plugin for WordPress is affected by an unauthenticated SQL injection via the databeat parameter in all versions up to 16.26.10. The root cause is insufficient escaping of the user-supplied databeat value and inadequate preparation of the existing SQL query, enabling attackers to app...

9.8CVSS7.7AI score0.02886EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2025/03/02 11:31 a.m.4 views

SQL Injection

ZoneMinder is vulnerable to SQL Injection. The vulnerability is due to unsanitized parameters being directly passed to an SQL query in WWW/AJAX/watch.php, and attackers can exploit this to execute arbitrary SQL commands on the database...

7.1CVSS7.2AI score0.00503EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/02/25 10:15 p.m.19 views

CVE-2025-25515

Seacms =13.3 is vulnerable to SQL Injection in admincollect.php that allows an authenticated attacker to exploit the database...

8.8CVSS0.00474EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/20 12:20 a.m.8 views

CVE-2025-25222

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

9.8CVSS7.5AI score0.00439EPSS
Exploits0References1
CVE
CVE
added 2025/02/19 3:31 p.m.51 views

CVE-2025-1465

CVE-2025-1465 affects lmxcms 1.41, specifically the db.inc.php file in the Maintenance component. The Red Hat/NVD entries describe an unknown function being manipulated to achieve code injection, with remote exploitation possible. Exploitability is characterized as difficult and needs high privil...

6.6CVSS4.8AI score0.00496EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 5:20 a.m.17 views

CVE-2024-1793

The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter an...

7.2CVSS7.2AI score0.0089EPSS
Exploits0References1
Rows per page
Query Builder