Lucene search
K

476 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5827

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS5.9AI score0.00365EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5857

Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...

7.1CVSS5.6AI score0.00274EPSS
Exploits1References6
NVD
NVD
added 2026/01/15 4:16 p.m.4 views

CVE-2021-47766

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

7.1CVSS0.00239EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/15 3:52 p.m.5 views

EUVD-2026-2773

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

7.1CVSS7.3AI score0.00239EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/15 12:0 a.m.5 views

CVE-2025-67082

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...

6.5CVSS6AI score0.00271EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.3 views

PT-2026-3026

Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using...

6.5CVSS7.4AI score0.00271EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/14 11:18 p.m.4 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

9.8CVSS7.7AI score0.00554EPSS
Exploits1References1
OSV
OSV
added 2026/01/13 11:15 p.m.6 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

9.8CVSS5.9AI score0.00554EPSS
Exploits1References4
NVD
NVD
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

9.8CVSS0.00554EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/01/03 8:15 p.m.298 views

Exploit for Code Injection in Symfony Twig

Successful Errors: New Code Injection and SSTI Techniques !R...

9.8CVSS8.5AI score0.10701EPSS
Exploits7
OSV
OSV
added 2025/12/22 10:16 p.m.3 views

CVE-2023-53972

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...

7.5CVSS5.8AI score0.0037EPSS
Exploits1References3
NVD
NVD
added 2025/12/22 10:16 p.m.6 views

CVE-2023-53972

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...

9.3CVSS0.0037EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/22 9:35 p.m.2 views

CVE-2023-53972 WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...

9.3CVSS7.4AI score0.0037EPSS
Exploits1References3
CVE
CVE
added 2025/12/22 9:35 p.m.12 views

CVE-2023-53972

WebTareas 2.4 exposes an unauthenticated SQL injection via the webTareasSID cookie parameter. Multiple connected sources confirm the issue and describe exploitation through error-based and time-based blind techniques to extract data and access sensitive information. The PT-2025-52709 entry notes ...

9.3CVSS7.4AI score0.0037EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/15 9:15 p.m.3 views

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.8CVSS5.8AI score0.00385EPSS
Exploits1References3
CVE
CVE
added 2025/12/15 8:28 p.m.12 views

CVE-2023-53877

CVE-2023-53877 affects Bus Reservation System 1.1. The vulnerability is a SQL injection in the pickup_id parameter, enabling attackers to manipulate database queries. Techniques cited: boolean-based , error-based , and time-based blind SQL injection to steal information from the database. Practic...

9.8CVSS7.3AI score0.00385EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.20 views

CVE-2023-53877 Bus Reservation System 1.1 Multiple SQL Injection via pickup_id Parameter

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.3CVSS0.00385EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2025/12/09 12:0 a.m.169 views

📄 dotCMS 25.07.02-1 SQL Injection

This PHP script represents a sophisticated dual-method SQL Injection exploit targeting dotCMS version 25.07.02-1. The exploit combines time-based blind SQL injection and error-based SQL injection techniques to extract password hashes from the database, specifically targeting administrator account...

9.4CVSS8.5AI score0.01558EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/12/03 2:2 p.m.15 views

CVE-2025-66205

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...

9.8CVSS7.6AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2025/12/01 8:26 p.m.6 views

CVE-2025-66205 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...

7.1CVSS7.5AI score0.00272EPSS
Exploits0References4
Rows per page
Query Builder