Lucene search
K

475 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25210

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS6AI score0.00271EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.7 views

CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter

WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...

8.8CVSS6AI score0.00271EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.1 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.28 views

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS0.00245EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 11:39 a.m.8 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection in edit.php via the my_item_search parameter. Attackers can submit POST payloads to perform boolean-based blind or error-based injections to extract sensitive database information. The vulnerability has high impact on confidentiality (C) and low impact on...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.6 views

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS6AI score0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:39 a.m.3 views

CVE-2018-25205

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28243

Name of the Vulnerable Software and Affected Versions KomSeo Cart version 1.3 Description An SQL injection flaw allows attackers to inject SQL commands via the my item search parameter in the 'edit.php' endpoint. By submitting POST requests with malicious payloads, attackers can extract sensitive...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.8 views

PT-2026-28242

ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...

8.8CVSS6AI score0.00267EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/24 12:30 p.m.4 views

EUVD-2019-20010

Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profilelist endpoint. Attackers can inject SQL code via the upcast, smother, and sreligion parameters to extract sensitive database information usi...

8.8CVSS5.9AI score0.00327EPSS
Exploits1References4
CVE
CVE
added 2026/03/24 11:27 a.m.14 views

CVE-2019-25635

Zeeways Matrimony CMS is affected by SQL injection vulnerabilities in the profile_list endpoint, exploitable by unauthenticated attackers via the up_cast, s_mother, and s_religion parameters to manipulate database queries and exfiltrate data using time-based or error-based techniques. The CVE-201...

8.8CVSS5.9AI score0.00327EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/24 11:27 a.m.19 views

CVE-2019-25635 Zeeways Matrimony CMS Lastest SQL Injection via profile_list

Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profilelist endpoint. Attackers can inject SQL code via the upcast, smother, and sreligion parameters to extract sensitive database information usi...

8.8CVSS0.00327EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/03/18 1:2 p.m.125 views

SQLInject

Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19766

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.4 views

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.25 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.6 views

CVE-2019-25505

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthlydeposit endpoint with malicious symbol values using boolean-based blind,...

7.1CVSS6.1AI score0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.8 views

EUVD-2019-19731

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthlydeposit endpoint with malicious symbol values using boolean-based blind,...

7.1CVSS6.1AI score0.00287EPSS
Exploits1References3
Rows per page
Query Builder