77 matches found

Vulnrichment
added 2023/06/09 5:33 a.m., 13 views

CVE-2023-2484 Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 7.2, AI score 6.7, EPSS 0.00456
Exploits: 0, References: 3

ATTACKERKB
added 2023/05/17 2:15 a.m., 2 views

CVE-2023-2608

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

CVSS 4.3, AI score 6.9, EPSS 0.00161
Exploits: 0, References: 5

0day.today
added 2022/11/29 12:0 a.m., 493 views

Helmet Store Showroom 1.0 SQL Injection Exploit

Exploit Title: Helmet Store Showroom 1.0 - authenticated SQL Injection Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Version: 1.0 Tested on: Windows 10 +...

AI score 0.4
Exploits: 0

CVE
added 2022/09/16 1:51 a.m., 47 views

CVE-2022-26959

CVE-2022-26959 describes two full Blind/Time-based SQL injection vulnerabilities in Northstar Club Management v6.3. The flaws affect: (1) processlogin.jsp in /northstar/Portal/ via the userName parameter, and (2) login.jsp in /northstar/iphone/ via the userID parameter. Exploitation could grant f...

CVSS 10, AI score 9.9, EPSS 0.00245
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB
added 2022/08/02 3:15 a.m., 2 views

CVE-2022-34956

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the pagesize parameter at loaddataforgroups.php...

CVSS 9.8, AI score 6, EPSS 0.00245
Exploits: 1, References: 2

Packet Storm
added 2022/06/27 12:0 a.m., 289 views

Coffee Shop Cashiering System 1.0 SQL Injection

Exploit Title: Coffee Shop Cashiering System - Authenticated Time Based Sql injection Date: 27-06-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cscs.zip Version: 1.0 Tested on: Windows...

AI score 0.7
Exploits: 0

CVE
added 2022/03/07 8:58 p.m., 75 views

CVE-2021-43969

The CVE-2021-43969 entry concerns Quicklert for Digium 10.0.0 (1043). The vulnerability is a SQL injection in login.jsp (uname parameter) that enables Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Impact described in sources is disclosure of all data ...

CVSS 7.8, AI score 6.9, EPSS 0.00556
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2021/12/27 11:42 a.m., 12 views

CVE-2021-45788

Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...

AI score 9.6, EPSS 0.1339
Exploits: 1, References: 1

CVE
added 2021/12/27 11:42 a.m., 48 views

CVE-2021-45788

CVE-2021-45788 describes a time-based SQL injection in Metersphere v1.15.4 exposed via the orders parameter. Affected software: Metersphere 1.15.4. Vulnerable component/flows: endpoint handling the orders parameter (time-based SQLi root cause per sources). Impact: high (CVE's CVSS 3.1 base score ...

CVSS 8.8, AI score 9.4, EPSS 0.1339
Exploits: 1, References: 1, Affected Software: 1

Packet Storm
added 2021/10/19 12:0 a.m., 417 views

Online Motorcycle (Bike) Rental System 1.0 SQL Injection

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...

AI score 7.4
Exploits: 0

wpexploit
added 2021/09/13 12:0 a.m., 689 views

Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection

The plugin allows unauthenticated users to perform SQL injection via the aysfinishpoll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash. This requires a valid nonce, which can be obtained by going to a...

CVSS 7.5, AI score 0.9, EPSS 0.01421
Exploits: 2

OSV
added 2021/07/30 2:15 p.m., 0 views

CVE-2021-36621

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could...

CVSS 8.1, AI score 7.3, EPSS 0.0131
Exploits: 3, References: 3

CVE
added 2021/07/29 5:11 p.m., 74 views

CVE-2021-36621

CVE-2021-36621 affects Sourcecodester Online Covid Vaccination Scheduler System 1.0. The vulnerability is a SQL Injection in the username parameter, described as a time-based injection that can dump the admin password hash and allow an attacker to decrypt it to obtain the plaintext password, enab...

CVSS 8.1, AI score 8.4, EPSS 0.0131
Exploits: 3, References: 3, Affected Software: 1

0day.today
added 2021/07/19 12:0 a.m., 130 views

PEEL Shopping 9.3.0 - (id) Time-based SQL Injection Vulnerability

Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.peel.fr Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download Version: prior to 9.4.0 Tested on:...

AI score 0.4
Exploits: 0

Cvelist
added 2021/04/05 6:27 p.m., 16 views

CVE-2021-24185 Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating

The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students...

AI score 6.9, EPSS 0.00449
Exploits: 2, References: 2

CVE
added 2020/12/21 8:20 p.m., 70 views

CVE-2020-35151

CVE-2020-35151 affects The Online Marriage Registration System 1.0. The vulnerability is a Time-Based SQL Injection in the post parameter searchdata of user/search.php (and noted in admin/search.php in the exploit). Root cause: lack of input validation for searchdata, enabling attacker-controlled...

CVSS 8.8, AI score 8.6, EPSS 0.00297
Exploits: 2, References: 2, Affected Software: 1

Cvelist
added 2020/12/21 8:20 p.m., 16 views

CVE-2020-35151

The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection...

AI score 8.7, EPSS 0.00297
Exploits: 2, References: 2

NVD
added 2020/12/17 8:15 p.m., 12 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string...

CVSS 9.8, AI score 9.9, EPSS 0.0841
Exploits: 2, References: 1

OSV
added 2020/10/16 2:15 p.m., 1 views

CVE-2020-26944

An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page aka cse?cmd=LOGIN. This can be exploited directly, and remotely...

CVSS 9.8, AI score 7.3, EPSS 0.005
Exploits: 1, References: 2

CVE
added 2019/05/23 3:29 p.m., 57 views

CVE-2017-11738

The CVE-2017-11738 entry concerns Zoho ManageEngine Application Manager affected before 14.6 Build 14660. The vulnerability is a Time-based Blind SQL Injection in the haid parameter of the /auditLogAction.do module, indicating a database query manipulation flaw that could disclose or alter data u...

CVSS 8.1, AI score 8.4, EPSS 0.00819
Exploits: 1, References: 5, Affected Software: 1