74 matches found
CVE-2022-38922
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...
EUVD-2022-41469
Malicious code in bioql PyPI...
EUVD-2022-41470
Malicious code in bioql PyPI...
CVE-2022-38923
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...
PT-2024-40161 · Propel · Propel
Name of the Vulnerable Software and Affected Versions: Propel versions 1.x through 3.x Description: The issue arises from the limit query method being susceptible to catastrophic SQL injection when using MySQL. This occurs due to a lack of integer casting of the limit input in either...
CVE-2022-38922
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...
CVE-2022-38923
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...
CVE-2022-38922
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...
Design/Logic Flaw
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...
Code injection
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...
CVE-2022-38923
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...
CVE-2022-38922
BluePage CMS up to version 3.9 is affected by an SQL injection in the processing of HTTP header cookie values, via the 'users-cookie-settings' token, allowing time-based blind exploitation (SLEEP). The issue arises from insufficient sanitization of the cookie header; Red Hat and NVD entries corro...
CVE-2022-38922
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...
CVE-2022-38923
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...
CVE-2022-38922
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...
CVE-2022-38923
BluePage CMS (3.9 and earlier) contains SQL injection vulnerabilities due to insufficient sanitization of HTTP header fields. CVE-2022-38923 affects the User-Agent header, enabling MySQL Injection with a time-based blind payload on network access without authentication; CVE-2022-38922 (Red Hat / ...
PT-2023-13663 · Unknown · Bluepage Cms
Name of the Vulnerable Software and Affected Versions: BluePage CMS versions 3.9 and earlier Description: The issue allows MySQL Injection in the users-cookie-settings token using a Time-based blind SLEEP payload due to insufficient sanitization of the HTTP Header Cookie value. Recommendations: F...
PT-2023-13664 · Unknown · Bluepage Cms
Name of the Vulnerable Software and Affected Versions: BluePage CMS versions 3.9 and earlier Description: The issue allows MySQL Injection in the User-Agent field using a Time-based blind SLEEP payload due to insufficient sanitization of HTTP Headers. Recommendations: For BluePage CMS versions 3....
GHSA-WQJJ-HX84-V449 Django Vulnerable to MySQL Injection
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...
ChemInv 1 Cross Site Scripting
Exploit Title: ChemInv - Authenticated Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-29 Software Link: https://github.com/tmorrell/cheminv Software Info: "Cheminv is a web-based chemical inventory system. This responsive database provides an accessible way to organize...