53 matches found
CVE-2017-12774
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database...
CVE-2025-26086
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...
CVE-2025-32824
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...
CVE-2024-54926
A SQL Injection vulnerability was found in /searchclass.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the schoolyear parameter...
PT-2024-36440 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/edit user.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database via the...
PT-2024-36442 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL injection issue was found in the /admin/edit content.php endpoint, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
PT-2024-34342 · Unknown · Elefant Firebird
Name of the Vulnerable Software and Affected Versions: Elefant Firebird database versions prior to 24.03.03 Description: An unauthenticated attacker with access to the local network of a medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database...
PT-2024-33068 · Unknown · Phpgurukul User Registration & Login/User Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 3.2 Description: A SQL Injection issue was found in the /password-recovery.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized...
CVE-2022-36276
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...
PT-2023-9169 · Unknown · Schuhfried
Name of the Vulnerable Software and Affected Versions: SCHUHFRIED version 8.22.00 Description: The issue is related to the use of hardcoded credentials in the SCHUHFRIED system, which can be exploited by a remote attacker to obtain access to protected information using a specially crafted curl...
CVE-2022-45444
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access...
Readymade Job Portal Script SQL Injection Vulnerability
Readymade Job Portal Script suffers from a remote SQL injection vulnerability. The researcher requested version information from the vendor while reporting the vulnerability but the company has been unresponsive. ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...
Matrimonial PHP Script 1.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
CVE-2022-28862
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized and unexpected operations against the remo...
Eaglesoft 信任管理问题漏洞
Eaglesoft is a software application.Eaglesoft is dental software that we call PMS or Practice Management Software. It contains charting information, insurance, patient information, scheduling, scanned documents, and in some cases X-rays if the office is licensed for imaging. Patterson Eaglesoft A...
IBM Datacap Taskmaster Capture SQL Injection Vulnerability
IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
MySQL Server Login Possible
Nessus was able to log into the remote MySQL server using the supplied credentials. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid91823; scriptversion"1.5"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/01/27"; scriptnameenglish:"MySQL Server Log...
Milw0rm Clone Script SQL Injection Vulnerability
Milw0rm is a hacking and defense interest group that provides security services such as vulnerability mining, security information, hacking and defense, security tools and other security services for IT technicians.Milw0rm Clone Script is a script for sharing and managing the Milw0rm website's...