Lucene search
K

475 matches found

EUVD
EUVD
added 2026/02/06 6:10 p.m.4 views

EUVD-2025-206886

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...

8.7CVSS5.6AI score0.00354EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/02/06 6:6 p.m.27 views

CVE-2026-24418 OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario Payment Schedule module. The application fails to validate...

8.7CVSS0.00356EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2026/02/06 6:5 p.m.3 views

CVE-2026-24419 OpenSTAManager has an SQL Injection in the Prima Nota module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

8.7CVSS5.9AI score0.00344EPSS
Exploits3References1
NVD
NVD
added 2026/02/06 5:16 p.m.5 views

CVE-2019-25298

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

9.1CVSS0.0037EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/06 4:41 p.m.3 views

CVE-2019-25298 html5_snmp 1.11 - 'Router_ID' SQL Injection

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

7.1CVSS5.7AI score0.0037EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/06 4:41 p.m.34 views

CVE-2019-25298 html5_snmp 1.11 - 'Router_ID' SQL Injection

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

9.1CVSS0.0037EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:41 p.m.3 views

CVE-2019-25298

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

7.1CVSS5.8AI score0.0037EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/02/06 4:41 p.m.7 views

EUVD-2019-19401

html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...

7.1CVSS5.7AI score0.0037EPSS
Exploits1References3
CVE
CVE
added 2026/02/06 4:41 p.m.11 views

CVE-2019-25298

The CVE-2019-25298 entry concerns html5_snmp version 1.11, where SQL injection flaws exist in the Router_ID and Router_IP parameters. The underlying vulnerability allows manipulation of database queries using error-based, time-based, and union-based techniques, potentially enabling extraction or ...

9.1CVSS5.7AI score0.0037EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6851

Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...

8.7CVSS6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6737

Name of the Vulnerable Software and Affected Versions html5 snmp version 1.11 Description The software contains multiple SQL injection flaws that allow manipulation of database queries. Attackers can leverage the Router ID and Router IP parameters to exploit error-based, time-based, and union-bas...

9.1CVSS5.9AI score0.0037EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/05 3:25 p.m.4 views

CVE-2020-37151 phpMyChat Plus 1.98 'deluser.php' SQL Injection

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

8.8CVSS5.6AI score0.00383EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/05 3:25 p.m.7 views

EUVD-2020-31050

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

8.8CVSS5.6AI score0.00383EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.27 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS0.00365EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS5.7AI score0.00365EPSS
Exploits1References3
CVE
CVE
added 2026/02/03 10:1 p.m.13 views

CVE-2020-37076

Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...

8.8CVSS5.8AI score0.00365EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.5 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS5.8AI score0.00365EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/03 4:52 p.m.13 views

CVE-2020-37112

CVE-2020-37112 affects GUnet OpenEclass 1.7.3. The provided documents describe multiple SQL injection vulnerabilities in the agenda module and other endpoints, exploitable by authenticated attackers to manipulate queries and extract sensitive data via error-based or time-based techniques (via the...

7.1CVSS5.6AI score0.00274EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 4:52 p.m.3 views

CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

7.1CVSS5.6AI score0.00274EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5827

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS5.9AI score0.00365EPSS
Exploits1References4
Rows per page
Query Builder