Lucene search

291 matches found

Metasploit
added 2023/07/31 7:52 p.m. | 451 views

Rudder Server SQLI Remote Code Execution

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...

CVSS 8.8 | AI score 8.8 | EPSS 0.85825
Exploits: 4
Cvelist
added 2023/07/15 4:31 p.m. | 31 views

CVE-2023-3682 Nesote Inout Blockchain EasyPayments POST Parameter getcoinaddress sql injection

A vulnerability, which was classified as critical, was found in Nesote Inout Blockchain EasyPayments 1.0. Affected is an unknown function of the file /index.php/payment/getcoinaddress of the component POST Parameter Handler. The manipulation of the argument coinid leads to sql injection. It is...

CVSS 6.5 | AI score 10 | EPSS 0.00425
Exploits: 0 | References: 2
Huntr
added 2023/07/08 10:27 a.m. | 12 views

SQL Injection

Description GLPI 10.0.8 and are affected by an SQL injection on the page ajax/dashboard.php Proof of Concept I can provide you the POC written in python3.5 or higher. Just provide me a way to send it to you. Tested under the following environment: - Ubuntu 20.04 - GLPI 10.0.8 and 10.0.7 - Mysql...

AI score 8.1
Exploits: 0
NVD
added 2023/05/08 2:15 p.m. | 31 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

CVSS 7.2 | AI score 7.2 | EPSS 0.44629
Exploits: 3 | References: 2
Cvelist
added 2023/03/23 12:0 a.m. | 23 views

CVE-2023-24655

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function...

AI score 10 | EPSS 0.01023
Exploits: 1 | References: 3
Cvelist
added 2023/03/16 4:34 p.m. | 18 views

CVE-2023-28108 Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in...

CVSS 7.9 | AI score 8.1 | EPSS 0.00855
Exploits: 0 | References: 3
OwnCloud
added 2023/03/14 12:0 a.m. | 27 views

SQLInjection in FileContentProvider.kt - ownCloud

Due to some insecure code in an exported content provider, an attacker with local access could retrieve information from the ownCloud app database through SQL injection...

CVSS 5 | AI score 6.2 | EPSS 0.00464
Exploits: 1 | Affected Software: 1
Cvelist
added 2023/03/02 12:0 a.m. | 29 views

CVE-2023-26780

CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection...

AI score 9.8 | EPSS 0.0078
Exploits: 1 | References: 2
Cvelist
added 2023/02/06 12:56 p.m. | 25 views

CVE-2023-0679 SourceCodester Canteen Management System removeUser.php sql injection

A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The complexit...

CVSS 5 | AI score 8.5 | EPSS 0.00717
Exploits: 0 | References: 3
WPVulnDB
added 2023/01/31 12:0 a.m. | 12 views

GeoDirectory < 2.2.24 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC POST /wp-admin/admin-ajax.php HTTP/1.1...

CVSS 7.2 | AI score 7.8 | EPSS 0.00764
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2023/01/13 9:20 a.m. | 28 views

CVE-2023-0283 SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file reviewsearch.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to...

CVSS 6.5 | AI score 10 | EPSS 0.00743
Exploits: 1 | References: 3
NVD
added 2022/12/26 1:15 p.m. | 18 views

CVE-2022-4162

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information...

CVSS 6.5 | EPSS 0.00854
Exploits: 2 | References: 2
NVD
added 2022/11/22 9:15 p.m. | 22 views

CVE-2022-45535

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information...

CVSS 4.9 | EPSS 0.00775
Exploits: 1 | References: 2
OSV
added 2022/11/22 9:15 p.m. | 18 views

CVE-2022-45330

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information...

CVSS 7.5 | AI score 8.1 | EPSS 0.00772
Exploits: 1 | References: 2
Cvelist
added 2022/11/17 10:45 p.m. | 30 views

CVE-2022-43506 Delta Electronics DIAEnergie SQL Injection

SQL Injection in HandlerTagKID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network...

CVSS 8.8 | AI score 9.2 | EPSS 0.00685
Exploits: 0 | References: 1
WPVulnDB
added 2022/10/21 12:0 a.m. | 21 views

Quiz And Survey Master < 7.3.5 - Admin+ SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users...

CVSS 9.1 | AI score 2.7 | EPSS 0.00816
Exploits: 0 | Affected Software: 1
NVD
added 2022/10/14 7:15 a.m. | 24 views

CVE-2022-3495

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injectio...

CVSS 7.3 | EPSS 0.00632
Exploits: 1 | References: 2
Cvelist
added 2022/09/27 1:14 p.m. | 23 views

CVE-2022-40352

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/updatetraveller.php...

AI score 7.5 | EPSS 0.00726
Exploits: 1 | References: 1
Cvelist
added 2022/09/13 12:0 a.m. | 28 views

CVE-2022-38538

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...

AI score 10 | EPSS 0.00861
Exploits: 0 | References: 3
Cvelist
added 2022/09/13 12:0 a.m. | 28 views

CVE-2022-38540

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

AI score 10 | EPSS 0.00861
Exploits: 0 | References: 3