476 matches found
PT-2026-5827
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
PT-2026-5857
Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...
CVE-2021-47766
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...
EUVD-2026-2773
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...
CVE-2025-67082
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
PT-2026-3026
Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using...
CVE-2022-50895
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...
CVE-2022-50895
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...
CVE-2022-50895
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...
Exploit for Code Injection in Symfony Twig
Successful Errors: New Code Injection and SSTI Techniques !R...
CVE-2023-53972
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...
CVE-2023-53972
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...
CVE-2023-53972 WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...
CVE-2023-53972
WebTareas 2.4 exposes an unauthenticated SQL injection via the webTareasSID cookie parameter. Multiple connected sources confirm the issue and describe exploitation through error-based and time-based blind techniques to extract data and access sensitive information. The PT-2025-52709 entry notes ...
CVE-2023-53877
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...
CVE-2023-53877
CVE-2023-53877 affects Bus Reservation System 1.1. The vulnerability is a SQL injection in the pickup_id parameter, enabling attackers to manipulate database queries. Techniques cited: boolean-based , error-based , and time-based blind SQL injection to steal information from the database. Practic...
CVE-2023-53877 Bus Reservation System 1.1 Multiple SQL Injection via pickup_id Parameter
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...
📄 dotCMS 25.07.02-1 SQL Injection
This PHP script represents a sophisticated dual-method SQL Injection exploit targeting dotCMS version 25.07.02-1. The exploit combines time-based blind SQL injection and error-based SQL injection techniques to extract password hashes from the database, specifically targeting administrator account...
CVE-2025-66205
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
CVE-2025-66205 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...