Exploit DB
added 2021/08/19 12:00 a.m., 324 views

Charity Management System CMS 1.0 - Multiple Vulnerabilities

Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...

AI score: 7.4
Exploits: 0
wpexploit
added 2021/07/26 12:00 a.m., 1583 views

uListing < 2.0.4 - Unauthenticated SQL Injection

An Unauthenticated SQL Injection vulnerability was discovered in the plugin. Vulnerable parameters: custom. SQL Injection types: Error-based, Boolean-based Blind, Time-based Blind. PoC 1 | Unauthenticated SQL Injection | Tables: sqlmap...

CVSS: 7.5, AI score: 0.9, EPSS: 0.03826
Exploits: 1
Patchstack
added 2021/07/26 12:00 a.m., 19 views

WordPress uListing plugin <= 2.0.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress uListing plugin versions <= 2.0.3. Solution: Update the WordPress uListing plugin to the latest available version (at least 2.0.4)...

CVSS: 9.8, AI score: 3.1, EPSS: 0.03826
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2021/07/24 12:00 a.m., 72 views

WordPress Edit Comments plugin <= 0.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Edit Comments plugin versions <= 0.3. Solution: This plugin has been closed as of June 2, 2021 and is not available for download. Reason: Security Issue...

CVSS: 9.8, AI score: 3.5, EPSS: 0.00546
Exploits: 2, References: 3, Affected Software: 1
OSV
added 2021/06/25 12:15 p.m., 2 views

CVE-2021-35048

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception version...

CVSS: 9.8, AI score: 7.3
Exploits: 0, References: 2
Cvelist
added 2021/06/21 7:18 p.m., 12 views

CVE-2021-24361 GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections

In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gdpopularlocationlist did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues...

AI score: 10, EPSS: 0.01126
Exploits: 2, References: 2
VulnCheck KEV
added 2021/05/03 12:00 a.m., 1 views

VulnCheck KEV: CVE-2021-24295

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be...

CVSS: 7.5, AI score: 7.2, EPSS: 0.40562
Exploits: 1, References: 1
wpexploit
added 2021/04/26 12:00 a.m., 148 views

Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection

The requestlistrequest AJAX call of the plugin, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection issue. curl 'https://example.com/wp-admin/admin-ajax.php' ...

CVSS: 9.8, AI score: 1.4, EPSS: 0.89408
Exploits: 2, References: 1
WPVulnDB
added 2021/04/26 12:00 a.m., 27 views

Goto < 2.1 - Unauthenticated Blind SQL Injection

The theme did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue. PoC: sqlmap --url="https://example.com/tour-list/?keywords=13date=13" --random-agent -dbs --level=3 --threads=4...

CVSS: 9.8, AI score: 0.5, EPSS: 0.01021
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2021/04/15 2:15 p.m., 8 views

SQL injection

An exploitable SQL injection vulnerability exists in the 'getAssets.jsp' page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS: 7.5, AI score: 9.7, EPSS: 0.00325
Exploits: 1, References: 1, Affected Software: 1
WPVulnDB
added 2021/03/08 12:00 a.m., 28 views

SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections

The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=selectwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=selectwpid=1 UNION...

AI score: 1.7
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2021/02/15 9:15 p.m., 1 views

CVE-2021-3239

E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell...

CVSS: 9.8, AI score: 7.7
Exploits: 0, References: 5
Patchstack
added 2020/12/09 12:00 a.m., 14 views

WordPress DiveBook plugin <= 1.1.4 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...

CVSS: 5.3, AI score: 2.6, EPSS: 0.01788
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2020/11/12 2:15 p.m., 2 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

CVSS: 9.8, AI score: 7.4, EPSS: 0.61049
Exploits: 2, References: 1
wpexploit
added 2020/10/21 12:00 a.m., 103 views

Loginizer < 1.6.4 - Unauthenticated SQL Injection

The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...

CVSS: 7.5, AI score: 0.5, EPSS: 0.86342
Exploits: 4, References: 4
WPVulnDB
added 2020/10/21 12:00 a.m., 57 views

Loginizer < 1.6.4 - Unauthenticated SQL Injection

The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...

CVSS: 7.5, AI score: 9.3, EPSS: 0.86342
Exploits: 4, References: 4, Affected Software: 1
Patchstack
added 2020/08/22 12:00 a.m., 7 views

WordPress RSVPMaker plugin <= 7.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by CBiu in WordPress RSVPMaker plugin versions <= 7.8.1. Solution: Update the WordPress RSVPMaker plugin to the latest available version (at least 7.8.2)...

AI score: 3.5
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2020/08/06 4:15 p.m., 12 views

CVE-2020-7356

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS: 10, AI score: 10, EPSS: 0.6151
Exploits: 5, References: 2
OSV
added 2020/07/28 5:15 p.m., 0 views

CVE-2020-15626

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the term parameter, the proce...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00571
Exploits: 0, References: 1
wpexploit
added 2020/07/09 12:00 a.m., 28 views

Travel Booking < 2.8.4 - Unauthenticated SQL Injection

Unauthenticated SQL Injection via the locationid parameter. sqlmap --url="https://example.com/search-rental-full-map/?locationid=1" -dbs --random-agent --time-sec=8 03:13:37 INFO resuming back-end DBMS 'mysql' sqlmap resumed the following injection points from stored session: --- Parameter:...

AI score: 1.6
Exploits: 0, References: 3