121 matches found

OSV
added 2024/08/12 9:15 p.m. · 0 views

UBUNTU-CVE-2024-43360

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61...

CVSS 9.8 · AI score 5.9 · EPSS 0.63252
Exploits: 1 · References: 7

Packet Storm
added 2024/07/01 12:0 a.m. · 268 views

Simple Laboratory Management System 1.0 SQL Injection

Exploit Title: Simple Laboratory Management System - Manual Blind Time Based SQL Injection Exploit Description: A SQL Injection vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary SQL commands on the database server which causes the services to delay ...

AI score 7.4
Exploits: 0

OSV
added 2024/06/29 5:15 a.m. · 1 views

CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

CVSS 9.8 · AI score 5.8 · EPSS 0.33705
Exploits: 0 · References: 3

CNNVD
added 2024/06/20 12:0 a.m. · 2 views

PHPGurukul Daily Expenses Management System Security Vulnerability

PHPGurukul Daily Expenses Management System is a daily expenses management system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Daily Expenses Management System version 1.0, which is caused by a time-based SQL injection vulnerability in the add-expense.php page, which can be...

CVSS 7.3 · AI score 8.6 · EPSS 0.00056
Exploits: 2 · References: 2

OSV
added 2024/05/22 6:15 a.m. · 1 views

CVE-2024-4443

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 7.5 · AI score 5.9
Exploits: 0 · References: 3

CVE
added 2024/05/16 5:33 a.m. · 54 views

CVE-2024-4318

CVE-2024-4318 (Tutor LMS – WordPress) is a time-based SQL Injection in Tutor LMS up to and including version 2.7.0 via the question_id parameter, caused by insufficient escaping and improper query preparation. Exploitation is possible by authenticated users with Instructor-level permissions and h...

CVSS 8.8 · AI score 7.1 · EPSS 0.0067
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2024/03/29 6:43 a.m. · 17 views

CVE-2024-0913 WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.13.0 due to insufficient escapi...

CVSS 7.2 · AI score 7.2 · EPSS 0.01304
Exploits: 0 · References: 3

0day.today
added 2024/01/29 12:0 a.m. · 277 views

CSZCMS 1.3.0 SQL Injection Vulnerability

Title: CSZCMS v1.3.0 - SQL Injection Author: Abdulaziz Almetairy Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - Log in to the admin portal...

AI score 7.4
Exploits: 0

Cvelist
added 2024/01/10 12:0 a.m. · 12 views

CVE-2020-26630

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin...

AI score 5.5 · EPSS 0.00123
Exploits: 3 · References: 1

CVE
added 2023/07/12 4:38 a.m. · 33 views

CVE-2023-3023

CVE-2023-3023 concerns the WP EasyCart WordPress plugin. The vulnerability is a time-based SQL Injection via the vulnerable parameter “orderby” in versions up to and including 5.4.10, caused by insufficient escaping of user input and lack of proper SQL query preparation. This can allow an authent...

CVSS 7.2 · AI score 7 · EPSS 0.00417
Exploits: 0 · References: 2 · Affected Software: 1

ATTACKERKB
added 2023/06/09 6:16 a.m. · 1 views

CVE-2023-2599

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...

CVSS 6.5 · AI score 7.3 · EPSS 0.00198
Exploits: 0 · References: 4

Vulnrichment
added 2023/06/09 5:33 a.m. · 13 views

CVE-2023-2484 Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 7.2 · AI score 6.7 · EPSS 0.01113
Exploits: 0 · References: 3

ATTACKERKB
added 2023/05/17 2:15 a.m. · 2 views

CVE-2023-2608

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

CVSS 4.3 · AI score 6.9 · EPSS 0.00161
Exploits: 0 · References: 5

OSV
added 2023/02/17 5:15 p.m. · 1 views

CVE-2023-0895

The WP Coder – add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 4.9 · AI score 6.7
Exploits: 0 · References: 2

0day.today
added 2022/11/29 12:0 a.m. · 497 views

Helmet Store Showroom 1.0 SQL Injection Exploit

Exploit Title: Helmet Store Showroom 1.0 - authenticated SQL Injection Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Version: 1.0 Tested on: Windows 10 +...

AI score 0.4
Exploits: 0

Packet Storm
added 2022/11/25 12:0 a.m. · 249 views

Helmet Store Showroom 1.0 SQL Injection

Exploit Title: Helmet Store Showroom 1.0 - authenticated SQL Injection Date: 25-11-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Version: 1.0 Tested o...

AI score 0.4
Exploits: 0

Positive Technologies
added 2022/09/26 12:0 a.m. · 2 views

PT-2022-19964 · Unknown · Sourcecodester Online Market Place Site

Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Market Place Site version 1.0 Description: The issue allows remote attackers to dump the SQL database via time-based SQL injection. This is an unauthenticated blind SQL Injection, enabling attackers to access the databas...

CVSS 9.8 · AI score 9.8 · EPSS 0.00837
Exploits: 3 · References: 6

CVE
added 2022/09/16 1:51 a.m. · 53 views

CVE-2022-26959

CVE-2022-26959 describes two full Blind/Time-based SQL injection vulnerabilities in Northstar Club Management v6.3. The flaws affect: (1) processlogin.jsp in /northstar/Portal/ via the userName parameter, and (2) login.jsp in /northstar/iphone/ via the userID parameter. Exploitation could grant f...

CVSS 10 · AI score 9.9 · EPSS 0.00245
Exploits: 1 · References: 2 · Affected Software: 1

ATTACKERKB
added 2022/08/02 3:15 a.m. · 2 views

CVE-2022-34956

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the pagesize parameter at loaddataforgroups.php...

CVSS 9.8 · AI score 6 · EPSS 0.00245
Exploits: 1 · References: 2

Packet Storm
added 2022/06/27 12:0 a.m. · 290 views

Coffee Shop Cashiering System 1.0 SQL Injection

Exploit Title: Coffee Shop Cashiering System - Authenticated Time Based Sql injection Date: 27-06-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cscs.zip Version: 1.0 Tested on: Windows...

AI score 0.7
Exploits: 0