291 matches found

Prion • added 2022/08/12 3:15 p.m. • 15 views

SQL injection

In MMSProvider, there is a possible read of protected data due to improper input validation/SQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...

1.7 CVSS • 4.5 AI score • 0.00148 EPSS
Exploits 0 • References 1 • Affected Software 1

NVD • added 2022/07/04 4:15 p.m. • 25 views

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that...

9.8 CVSS • 0.20299 EPSS
Exploits 6 • References 4

NVD • added 2022/06/15 5:15 p.m. • 15 views

CVE-2022-32300

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php...

8.8 CVSS • 0.01256 EPSS
Exploits 1 • References 1

Kitploit • added 2022/06/10 9:30 p.m. • 46 views

Jeeves - Time-Based Blind SQLInjection Finder

Jeeves is made for looking for Time-Based Blind SQLInjection through recon. - Installation & Requirements: Installing Jeeves $ go install github.com/ferreiraklet/Jeeves@latest OR $ git clone https://github.com/ferreiraklet/Jeeves.git $ cd Jeeves $ go build jeeves.go $ chmod +x jeeves $ ./jeeves...

7.3 AI score
Exploits 0 • References 4

NVD • added 2022/06/10 9:15 p.m. • 9 views

CVE-2021-41754

dynamicMarkt = 3.10 is affected by SQL injection in the parent parameter of index.php...

9.8 CVSS • 0.01154 EPSS
Exploits 1 • References 2

NVD • added 2022/05/02 4:15 p.m. • 14 views

CVE-2022-0783

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections...

9.8 CVSS • 0.06706 EPSS
Exploits 2 • References 1

NVD • added 2022/04/29 4:15 a.m. • 16 views

CVE-2022-29904

The SemanticDrilldown extension for MediaWiki through 1.37.2 before e688bdba6434591b5dff689a45e4d53459954773 allows SQL injection with certain '-' and '' constraints...

9.8 CVSS • 0.16346 EPSS
Exploits 1 • References 2

Cvelist • added 2022/04/29 3:43 a.m. • 24 views

CVE-2022-29904

The SemanticDrilldown extension for MediaWiki through 1.37.2 before e688bdba6434591b5dff689a45e4d53459954773 allows SQL injection with certain '-' and '' constraints...

10 AI score • 0.16346 EPSS
Exploits 1 • References 2

CNVD • added 2022/04/19 12:0 a.m. • 9 views

CScms SQL Injection Vulnerability (CNVD-2022-33151)

CScms is a Content Management System (CMS) developed based on the CI framework. Cscms Music Portal System v4.2 is vulnerable to SQL injection, which can be exploited by attackers via the component newsNews.phphy...

7.2 CVSS • 4.3 AI score • 0.0081 EPSS
Exploits 1 • References 1

NVD • added 2022/04/12 4:15 p.m. • 11 views

CVE-2022-28035

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminajaxblur-save.php...

9.8 CVSS • 0.01426 EPSS
Exploits 1 • References 1

NVD • added 2022/03/24 1:15 p.m. • 10 views

CVE-2021-43700

An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /index.php?act=api&tag=8...

9.8 CVSS • 0.01094 EPSS
Exploits 1 • References 1

Cvelist • added 2022/03/10 11:35 p.m. • 14 views

CVE-2022-25506

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.9 AI score • 0.00855 EPSS
Exploits 1 • References 1

NVD • added 2022/03/07 9:15 a.m. • 14 views

CVE-2022-0267

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotateaction before using it in a SQL statement via the adrotaterequestaction function available to admins, leading to a SQL injection...

7.2 CVSS • 0.01255 EPSS
Exploits 2 • References 1

wpexploit • added 2022/03/07 12:0 a.m. • 116 views

Wow Countdowns <= 3.1.2 - Admin+ SQLi

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection. https://example.com/wp-admin/admin.php?page=mwp-countdown&info=del&did=1+AND+SELECT+5382+FROM+SELECTSLEEP5PpNt...

7.2 CVSS • 1.8 AI score • 0.01306 EPSS
Exploits 2

NVD • added 2022/02/21 11:15 a.m. • 15 views

CVE-2022-0228

The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection...

7.2 CVSS • 0.05839 EPSS
Exploits 2 • References 2

Cvelist • added 2022/02/16 12:1 p.m. • 11 views

CVE-2022-23358

EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement...

10 AI score • 0.01194 EPSS
Exploits 1 • References 1

Huntr • added 2021/10/28 4:5 p.m. • 29 views

in adodb/adodb

Description: An attacker can inject values into the PostgreSQL connection string by bypassing adodbaddslashes. The function can be bypassed in phppgadmin for example by surrounding the username in quotes and submitting with other parameters injected in between. Proof of Concept: I'm going to use...

6.4 CVSS • 0.6 AI score • 0.0217 EPSS
Exploits 1

NVD • added 2021/10/12 8:15 p.m. • 9 views

CVE-2021-42325

Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name...

9.8 CVSS • 0.11812 EPSS
Exploits 4 • References 3

Packet Storm • added 2021/10/04 12:0 a.m. • 251 views

College Management System 1.0 Cross Site Scripting

Exploit Title: college management system - Stored Cross-Site Scripting XSS Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link:...

7.4 AI score
Exploits 0

NVD • added 2021/09/06 11:15 a.m. • 8 views

CVE-2021-24303

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues...

8.8 CVSS • 0.01557 EPSS
Exploits 2 • References 2