Lucene search
K

96 matches found

OSV
OSV
added 2024/03/06 11:6 a.m.10 views

BIT-SEOPANEL-2021-28419

The "ordercol" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases...

7.2CVSS7AI score0.10672EPSS
Exploits4References2
0day.today
0day.today
added 2023/10/16 12:0 a.m.506 views

ChurchCRM 4.5.4 SQL Injection Exploit

Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...

8.8CVSS7.1AI score0.01318EPSS
Exploits3
NVD
NVD
added 2023/07/18 12:15 p.m.22 views

CVE-2023-3743

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

7.5CVSS0.0057EPSS
Exploits0References1
Prion
Prion
added 2023/07/18 12:15 p.m.19 views

Design/Logic Flaw

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

5CVSS7.5AI score0.0057EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/18 11:56 a.m.16 views

CVE-2023-3743 SQL injection vulnerability in LeoTheme's Ap Page Builder

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

7.5CVSS7AI score0.0057EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/18 11:56 a.m.29 views

CVE-2023-3743 SQL injection vulnerability in LeoTheme's Ap Page Builder

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

7.5CVSS7.7AI score0.0057EPSS
Exploits0References1
NVD
NVD
added 2023/06/23 4:15 p.m.14 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

7.5CVSS8.1AI score0.03157EPSS
Exploits1References1
OSV
OSV
added 2023/06/23 4:15 p.m.12 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

7.5CVSS8.6AI score
Exploits0References1
Prion
Prion
added 2023/06/23 4:15 p.m.20 views

Sql injection

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

5CVSS8.1AI score0.03157EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/23 12:0 a.m.14 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

8.6AI score0.03157EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/06/23 12:0 a.m.17 views

CVE-2023-36284

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter datefrom, dateto, and idproduct allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database...

8.3AI score0.03157EPSS
Exploits1References1
0day.today
0day.today
added 2023/03/28 12:0 a.m.222 views

Senayan Library Management System v9.5.0 - SQL Injection Vulnerability

Title: Senayan Library Management System v9.5.0 - SQL Injection Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0 Description: The...

6.8AI score
Exploits0
0day.today
0day.today
added 2022/11/07 12:0 a.m.281 views

Senayan Library Management System 9.5.0 SQL Injection Vulnerability

Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0...

0.5AI score
Exploits0
CNVD
CNVD
added 2022/06/17 12:0 a.m.23 views

PEEL Shopping CMS SQL Injection Vulnerability

PEEL Shopping CMS is a shopping platform. A SQL injection vulnerability exists in PEEL Shopping CMS version 9.4.0, which stems from a lack of filtering of SQL data in utilisateurs.php. An attacker belonging to the Administrators group can inject malicious SQL queries to affect the application's...

6.5CVSS3.9AI score0.01338EPSS
Exploits1References1
Prion
Prion
added 2022/06/15 4:15 p.m.16 views

Sql injection

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database...

5.5CVSS6.7AI score0.01338EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2022/05/05 12:0 a.m.24 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36025)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

10CVSS9.8AI score0.01138EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.13 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36027)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

10CVSS7.8AI score0.01138EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/05 12:0 a.m.30 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36030)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

10CVSS9.8AI score0.20844EPSS
Exploits0References1
NVD
NVD
added 2022/05/02 7:15 p.m.20 views

CVE-2022-1370

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

10CVSS0.01138EPSS
Exploits0References1
NVD
NVD
added 2022/05/02 6:15 p.m.18 views

CVE-2022-1366

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

10CVSS0.19365EPSS
Exploits0References1
Rows per page
Query Builder