328 matches found
Loginizer < 1.6.4 - Unauthenticated SQL Injection
The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...
WordPress RSVPMaker plugin <= 7.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by CBiu in WordPress RSVPMaker plugin versions = 7.8.1. Solution Update the WordPress RSVPMaker plugin to the latest available version at least 7.8.2...
CVE-2020-7356
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
CVE-2020-15626
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the term parameter, the proce...
Travel Booking < 2.8.4 - Unauthenticated SQL Injection
Unauthenticated SQL Injection via the locationid parameter sqlmap --url="https://example.com/search-rental-full-map/?locationid=1" -dbs --random-agent --time-sec=8 03:13:37 INFO resuming back-end DBMS 'mysql' sqlmap resumed the following injection points from stored session: --- Parameter:...
PT-2020-14545 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mail...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.3. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.4...
CVE-2019-18866
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database...
CVE-2020-5308
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. Recent assessments: cinzinga at March 09, 2020...
CVE-2016-9488
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, whi...
WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by JustThomas in WordPress User Control plugin versions =2.1.0. Solution This plugin has been closed and is no longer available for download. Please Deactivate and delete...
CVE-2017-14743
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...
osTicket 1.10 - SQL Injection (PoC)
ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...
osTicket 1.10 - SQL Injection (PoC)
osTicket 1.10 - SQL Injection PoC 1. ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions...
osTicket 1.10 SQL Injection
ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...
EyesOfNetwork (EON) 5.1 SQL Injection
Exploit Title: EyesOfNetwork EON 5.1 Unauthenticated SQL Injection in eonweb leading to remote root Google Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS" Date: 29/03/2017 Exploit Author: Dany Bach Vendor Homepage: https://www.eyesofnetwork.com/ Software Link:...
Schoolhos CMS 2.29 Multiple vulnerabilities / RCE Exploit
Exploit for php platform in category web applications \x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload' php file...
PT-2016-4516 · Huge It · Huge-It Portfolio Gallery Plugin
Name of the Vulnerable Software and Affected Versions: Huge-IT Portfolio Gallery Plugin version 1.0.6 Description: The issue is related to an unauthenticated SQL Injection. No information is provided about the estimated number of potentially affected devices or real-world incidents...
WordPress Booking Calendar Contact Form 1.1.23 Plugin - Unauthenticated SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Unauthenticated SQL injection Date: 2016-01-26 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN...
Support Ticket System <= 1.2 - Unauthenticated SQL Injection
The Support Ticket System WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...