CVE-2019-25713

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

CVE-2019-25713

MyT-PM 1.5.1 is affected by an SQL injection vulnerability reachable via the Charge[group_total] parameter in POST requests to /charge/admin. The issue allows authenticated attackers to execute arbitrary SQL queries, using error-based, time-based blind, or stacked query payloads to extract data o...

CVE-2019-25713

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

MyT Project Management 1.5.1 - Charge[group_total] SQL Injection

MyT Project Management 1.5.1 - Chargegrouptotal SQL Injection Exploit Title: MyT-PM 1.5.1 - 'Chargegrouptotal' SQL Injection Date: 03.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://manageyourteam.net/ Software Link: https://sourceforge.net/projects/myt/ Version: v1.5.1 Category...

MyT Project Management 1.5.1 SQL Injection

Exploit Title: MyT-PM 1.5.1 - 'Chargegrouptotal' SQL Injection Date: 03.01.2019 Exploit Author: Mehmet Ander Key Vendor Homepage: https://manageyourteam.net/ Software Link: https://sourceforge.net/projects/myt/ Version: v1.5.1 Category: Webapps Tested on: WAMPP @Win Software description: MyT Mana...