CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25632 matches found

Vulnrichment•added 2026/03/12 3:37 p.m.•1 views

CVE-2019-25538 202CMS v10 beta SQL Injection via log_user Parameter

202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...

8.8CVSS5.9AI score0.00224EPSS

Exploits1References3

Cvelist•added 2026/03/12 3:37 p.m.•23 views

CVE-2019-25539 202CMS v10 beta SQL Injection via register.php

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...

8.8CVSS0.00235EPSS

Exploits1References3

ATTACKERKB•added 2026/03/12 3:37 p.m.•2 views

CVE-2019-25537

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...

8.8CVSS5.9AI score0.00123EPSS

Exploits0References2Affected Software1

CVE•added 2026/03/12 3:37 p.m.•5 views

CVE-2019-25530

The CVE describes an SQL injection in the uHotelBooking System where unauthenticated attackers can inject through the system_page GET parameter in index.php. The vulnerability enables time-based blind SQL injection to extract sensitive database information, with CVSS scores indicating HIGH impact...

8.8CVSS5.9AI score0.00117EPSS

Exploits0References2

CVE•added 2026/03/12 3:37 p.m.•6 views

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an authenticated SQL injection vulnerability in the admin/edit.php endpoint via the page parameter. Attackers can craft GET requests to extract data using boolean-based blind, time-based blind, or union-based techniques without user interaction, with LOW privileges...

7.1CVSS5.9AI score0.00038EPSS

Exploits0References4

ATTACKERKB•added 2026/03/12 3:37 p.m.•2 views

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS5.9AI score0.00038EPSS

Exploits0References4Affected Software1

CVE•added 2026/03/12 3:36 p.m.•7 views

CVE-2019-25525

CVE-2019-25525 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the guests parameter that can be exploited via POST to the search/rentals endpoint, enabling unauthenticated attackers to bypass authentication and potentially extract or modify data. The provid...

9.1CVSS5.9AI score0.00263EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/12 3:36 p.m.•24 views

CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS0.00263EPSS

Exploits1References2

Vulnrichment•added 2026/03/12 3:36 p.m.•1 views

CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00263EPSS

Exploits1References2

Cvelist•added 2026/03/12 3:36 p.m.•24 views

CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

8.8CVSS0.00263EPSS

Exploits1References2

ATTACKERKB•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25522

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

8.8CVSS5.9AI score0.00263EPSS

Exploits1References2

Cvelist•added 2026/03/12 3:36 p.m.•23 views

CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

8.8CVSS0.00093EPSS

Exploits1References2

ATTACKERKB•added 2026/03/12 3:36 p.m.•1 views

CVE-2019-25519

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...

8.8CVSS6AI score0.00041EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/12 3:36 p.m.•22 views

CVE-2019-25518 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via arama.php

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...

8.8CVSS0.001EPSS

Exploits1References2

CVE•added 2026/03/12 3:36 p.m.•6 views

CVE-2019-25516

The CVE-2019-25516 entry describes an SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V1, exploitable via GET requests to gallery.php with a malicious gallery_id (UNION-based) allowing unauthenticated data extraction. Metrics indicate CVSS v3.1 base score 8.2 (HIGH) and CVSS v4.0 base sco...

8.8CVSS5.9AI score0.001EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25515 Jettweb PHP Hazir Haber Sitesi Scripti V3 Authentication Bypass

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and...

8.7CVSS5.8AI score0.00991EPSS

Exploits1References2

ATTACKERKB•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25515

8.7CVSS5.8AI score0.00991EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/12 3:36 p.m.•5 views

CVE-2019-25515

The CVE-2019-25515 entry describes an authentication bypass in Jettweb PHP Hazir Haber Sitesi Scripti V3’s login.php, allowing unauthenticated attackers to gain admin access by submitting crafted SQL syntax (e.g., equals signs and 'or' operators) in username/password fields. This results in an un...

9.8CVSS5.8AI score0.00991EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/12 3:36 p.m.•22 views

CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

8.8CVSS0.00128EPSS

Exploits1References2

Vulnrichment•added 2026/03/12 3:36 p.m.•0 views

CVE-2019-25510 Jettweb PHP Hazir Haber Sitesi Scripti V2 Authentication Bypass

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

8.8CVSS5.8AI score0.00201EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by