CVE-2018-25429

Paroiciel 11.20 contains an SQL injection in zpro.php via the zProIdPro parameter, exploitable by authenticated users to run arbitrary SQL and exfiltrate sensitive DB info (usernames, databases, version). CVSS 4.0/3.1 base scores are HIGH (7.1) with NETWORK attack vector and LOW privileges requir...

CVE-2021-47928

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

CVE-2025-52545

E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...

PT-2022-21729 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.2.1 Description: The issue allows an attacker with admin privilege to read sensitive information, including usernames and encoded passwords, which are logged in debug-enabled logs. Recommendations: For...