328 matches found
SuperStoreFinder - Multiple Vulnerabilities
.:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....
SuperStoreFinder 3.7 XSS / CSRF / Command Execution
.:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....
VulnCheck KEV: CVE-2024-1061
The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...
xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal Vulnerabilities
xbtitFM versions 4.1.18 and below suffer from remote shell upload, remote SQL injection, and path traversal vulnerabilities. Exploit Title: xbtitFM 4.1.18 Multiple Vulnerabilities Exploit Author: Who cares anyway Vendor Homepage: https://xbtitfm.eu Affected versions: 4.1.18 and prior CVE : Who...
CVE-2023-50866
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50865
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50862
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50866 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50862 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50862
This CVE affects Travel Website v1.0. The vulnerability is an unauthenticated SQL Injection in the booking.php resource, triggered by the hotelIDHidden parameter where input is not properly validated and is sent unfiltered to the database. Impact is described as high for confidentiality, integrit...
CVE-2023-50743
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49665
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity' parameter of the submitdeliverylist.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50753
CVE-2023-50753 affects Online Notice Board System v1.0. The vulnerability is an unauthenticated SQL injection in the dd parameter of the user/update_profile.php endpoint, where input is not validated and is sent unfiltered to the database. This results in potential data exposure/modification due ...
CVE-2023-50752 Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49665 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity' parameter of the submitdeliverylist.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49658 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bankdetails' parameter of the partysubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49639
The CVE-2023-49639 issue affects Billing Software v1.0, where the vulnerable component is the customer_details parameter of buyer_invoice_submit.php. The root cause is lack of input validation, allowing unauthenticated SQL Injection by sending unfiltered data to the database. Documented impact is...
CVE-2023-49633
The CVE-2023-49633 entry denotes a vulnerability in Billing Software v1.0 (Kashipara Billing Software) where the input in the buyer_address parameter of buyer_detail_submit.php is not validated before being sent to the database, enabling unauthenticated SQL injection. The issue affects the affect...