
325 matches found

Vulnrichment
added 2023/11/02 2:17 a.m. · 11 views

CVE-2023-45018 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 8.2 · EPSS 0.00097
Exploits 1 · References 2

CVE
added 2023/11/02 2:16 a.m. · 59 views

CVE-2023-45017

The connected PT-2023-29358 entry identifies CVE-2023-45017 as an unauthenticated SQL Injection in Online Bus Booking System v1.0, caused by lack of validation on the destination parameter in search.php. This allows unfiltered input to reach the database; impact could include data disclosure or m...

AI score 6.9
Exploits 0

Cvelist
added 2023/11/02 2:11 a.m. · 10 views

CVE-2023-45012 Online Bus Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'useremail' parameter of the businfo.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 10 · EPSS 0.00097
Exploits 1 · References 2

Positive Technologies
added 2023/11/02 12:0 a.m. · 3 views

PT-2023-29522 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities in the Online Food Ordering System. Specifically, the role parameter of the routers/user-router.php resource does n...

CVSS 9.8 · AI score 9.8 · EPSS 0.00097
Exploits 1 · References 7

Positive Technologies
added 2023/11/02 12:0 a.m. · 1 views

PT-2023-29514 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the type parameter of the "routers/add-ticket.php" resource does not validate the characters receive...

AI score 7.7
Exploits 0 · References 5

Positive Technologies
added 2023/11/02 12:0 a.m. · 3 views

PT-2023-29413 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the subject parameter of the "feed.php" resource does not validate the characters received, sending th...

AI score 7.7
Exploits 0 · References 5

Cvelist
added 2023/10/26 7:14 p.m. · 12 views

CVE-2023-44267 Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 10 · EPSS 0.00085
Exploits 1 · References 2

OSV
added 2023/10/25 6:17 p.m. · 0 views

CVE-2023-26581

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVSS 9.1 · AI score 5.8 · EPSS 0.00153
Exploits 0 · References 1

OSV
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-27260

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVSS 9.1 · AI score 5.8 · EPSS 0.00153
Exploits 0 · References 1

Positive Technologies
added 2023/10/25 12:0 a.m. · 1 views

PT-2023-21033 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to an unauthenticated SQL injection in the GetRoomChanges method, allowing unauthenticated attackers to extract or modify all data. Recommendations: For versions...

CVSS 9.8 · AI score 9.3 · EPSS 0.00153
Exploits 0 · References 4

Cvelist
added 2023/09/28 9:44 p.m. · 11 views

CVE-2023-44164 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

The 'Email' parameter of the processlogin.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 9.7 · EPSS 0.00218
Exploits 1 · References 2

Vulnrichment
added 2023/09/28 9:32 p.m. · 9 views

CVE-2023-43739 Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi)

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 6.9 · EPSS 0.00218
Exploits 1 · References 2

Cvelist
added 2023/09/28 9:32 p.m. · 11 views

CVE-2023-43739 Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi)

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 9.7 · EPSS 0.00218
Exploits 1 · References 2

NVD
added 2023/09/06 12:15 a.m. · 10 views

CVE-2023-4485

ARDEREG Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, th...

CVSS 9.8 · AI score 10 · EPSS 0.00093
Exploits 0 · References 1

Positive Technologies
added 2023/08/23 12:0 a.m. · 3 views

PT-2023-7493 · Asus · Asus Rt-Ax92U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX92U affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. The flaw exists within the mod webdav.so module, where the process do...

CVSS 9 · AI score 6.6 · EPSS 0.00157
Exploits 0 · References 7

Positive Technologies
added 2023/06/19 12:0 a.m. · 2 views

PT-2023-15409 · Unknown · Themefic Ultimate Addons For Contact Form 7

Name of the Vulnerable Software and Affected Versions: Themefic Ultimate Addons for Contact Form 7 plugin versions prior to 3.1.24 Description: The issue is related to an Unauth. SQL Injection SQLi vulnerability. This means that an attacker could potentially inject malicious SQL code into the...

CVSS 9.8 · AI score 9.7 · EPSS 0.00183
Exploits 0 · References 3

Positive Technologies
added 2023/05/29 12:0 a.m. · 3 views

PT-2023-12759 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue is an unauthenticated SQL injection in the p parameter of the "process login.php" login form. This allows for potential exploitation without the need fo...

CVSS 9.8 · AI score 7.6 · EPSS 0.48689
Exploits 4 · References 4

Packet Storm
added 2023/05/04 12:0 a.m. · 242 views

Companymaps 8.0 SQL Injection

Exploit Title: Unauthenticated SQL injection - Google Dork: - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description:...

AI score 6.9 · EPSS 0.08373
Exploits 5

wpexploit
added 2023/04/03 12:0 a.m. · 134 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Submit a message in the chatbox, intercept the request using Burp Suite for example. Edit the request to reflect this request:...

CVSS 9.8 · AI score 9.6 · EPSS 0.73648
Exploits 2

Wordfence Blog
added 2023/02/23 4:30 p.m. · 177 views

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...

AI score 0.1 · EPSS 0.69269
Exploits 21