122 matches found

Packet Storm
added 2022/06/27 12:00 a.m., 293 views

Coffee Shop Cashiering System 1.0 SQL Injection

Exploit Title: Coffee Shop Cashiering System - Authenticated Time Based Sql injection Date: 27-06-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cscs.zip Version: 1.0 Tested on: Windows...

0.7 AI score
Exploits 0

CVE
added 2022/03/07 8:58 p.m., 83 views

CVE-2021-43969

The CVE-2021-43969 entry concerns Quicklert for Digium 10.0.0 (1043). The vulnerability is a SQL injection in login.jsp (uname parameter) that enables Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Impact described in sources is disclosure of all data ...

7.8 CVSS, 6.9 AI score, 0.01484 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2021/12/27 11:42 a.m., 15 views

CVE-2021-45788

Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...

9.6 AI score, 0.02992 EPSS
Exploits 1, References 1

CVE
added 2021/12/27 11:42 a.m., 55 views

CVE-2021-45788

CVE-2021-45788 describes a time-based SQL injection in Metersphere v1.15.4 exposed via the orders parameter. Affected software: Metersphere 1.15.4. Vulnerable component/flows: endpoint handling the orders parameter (time-based SQLi root cause per sources). Impact: high (CVE's CVSS 3.1 base score ...

8.8 CVSS, 9.4 AI score, 0.02992 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2021/11/08 3:15 p.m., 27 views

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

7.5 CVSS, 0.01115 EPSS
Exploits 1, References 2

CVE
added 2021/11/08 2:28 p.m., 49 views

CVE-2021-28022

CVE-2021-28022 affects ServiceTonic Helpdesk software prior to 9.0.35937. The root cause is a blind SQL injection in the login form, allowing an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. Affected product: ServiceTonic Helpdesk. Impact stated i...

7.5 CVSS, 7.6 AI score, 0.01115 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2021/11/08 2:28 p.m., 31 views

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

7.9 AI score, 0.01115 EPSS
Exploits 1, References 2

Packet Storm
added 2021/10/19 12:00 a.m., 424 views

Online Motorcycle (Bike) Rental System 1.0 SQL Injection

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...

7.4 AI score
Exploits 0

CNNVD
added 2021/09/15 12:00 a.m., 4 views

Kliqqi-Cms SQL Injection Vulnerability

Kliqqi-Cms is an open source CMS that provides social publishing software. Version 2.0.2 of Kliqqi-Cms has a time-based SQL injection vulnerability in the $recordIDValue parameter in the adminupdatemodulewidgets.php file...

9.8 CVSS, 8.5 AI score, 0.0108 EPSS
Exploits 1, References 2

wpexploit
added 2021/09/13 12:00 a.m., 701 views

Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection

The plugin allows unauthenticated users to perform SQL injection via the aysfinishpoll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash. This requires a valid nonce, which can be obtained by going to a...

7.5 CVSS, 0.9 AI score, 0.01587 EPSS
Exploits 2

OSV
added 2021/07/30 2:15 p.m., 2 views

CVE-2021-36621

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could...

8.1 CVSS, 7.3 AI score, 0.02073 EPSS
Exploits 3, References 3

CVE
added 2021/07/29 5:11 p.m., 82 views

CVE-2021-36621

CVE-2021-36621 affects Sourcecodester Online Covid Vaccination Scheduler System 1.0. The vulnerability is a SQL Injection in the username parameter, described as a time-based injection that can dump the admin password hash and allow an attacker to decrypt it to obtain the plaintext password, enab...

8.1 CVSS, 8.4 AI score, 0.02073 EPSS
Exploits 3, References 3, Affected Software 1

0day.today
added 2021/07/19 12:00 a.m., 133 views

PEEL Shopping 9.3.0 - (id) Time-based SQL Injection Vulnerability

Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.peel.fr Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download Version: prior to 9.4.0 Tested on:...

0.4 AI score
Exploits 0

OSV
added 2021/04/05 7:15 p.m., 5 views

CVE-2021-24185

The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students...

6.5 CVSS, 5.8 AI score, 0.01253 EPSS
Exploits 2, References 2

Cvelist
added 2021/04/05 6:27 p.m., 21 views

CVE-2021-24185 Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating

The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students...

6.9 AI score, 0.01253 EPSS
Exploits 2, References 2

CVE
added 2020/12/21 8:20 p.m., 77 views

CVE-2020-35151

CVE-2020-35151 affects The Online Marriage Registration System 1.0. The vulnerability is a Time-Based SQL Injection in the post parameter searchdata of user/search.php (and noted in admin/search.php in the exploit). Root cause: lack of input validation for searchdata, enabling attacker-controlled...

8.8 CVSS, 8.6 AI score, 0.03783 EPSS
Exploits 2, References 2, Affected Software 1

Cvelist
added 2020/12/21 8:20 p.m., 18 views

CVE-2020-35151

The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection...

8.7 AI score, 0.03783 EPSS
Exploits 2, References 2

NVD
added 2020/12/17 8:15 p.m., 27 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

9.8 CVSS, 9.9 AI score, 0.03803 EPSS
Exploits 2, References 1

OSV
added 2020/10/16 2:15 p.m., 5 views

CVE-2020-26944

An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page aka cse?cmd=LOGIN. This can be exploited directly, and remotely...

9.8 CVSS, 7.3 AI score, 0.01133 EPSS
Exploits 1, References 2

myhack58
added 2019/07/06 12:00 a.m., 547 views

Reproduction, analysis and use of the CMSMS SQL injection vulnerability - vulnerability and early warning - the black bar safety net

CMS Made Simple (CMSMS) is a simple and convenient content management system developed with PHP, MySQL and the Smarty template engine. It has a role-based rights management system and a wizard-based installation and update mechanism, and uses few system resources, while the included file management...

8.3 AI score
Exploits 0