608 matches found
CVE-2019-25529 Placeto CMS Alpha rv.4 SQL Injection via page Parameter
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...
CVE-2019-25529
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...
CVE-2019-25529 Placeto CMS Alpha rv.4 SQL Injection via page Parameter
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...
CVE-2019-25529
Placeto CMS Alpha rv.4 contains an authenticated SQL injection vulnerability in the admin/edit.php endpoint via the page parameter. Attackers can craft GET requests to extract data using boolean-based blind, time-based blind, or union-based techniques without user interaction, with LOW privileges...
PT-2026-24989
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...
CVE-2018-25171
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...
CVE-2018-25171 EdTv 2 SQL Injection via id Parameter
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...
CVE-2018-25171 EdTv 2 SQL Injection via id Parameter
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...
CVE-2018-25171
EdTv 2 contains an SQL injection vulnerability exploitable by unauthenticated attackers via the id parameter in GET requests to admin/edit_source, enabling extraction of database information (schemas, credentials, version). The issue is triggered by crafted SQL UNION statements. Public references...
EdTv 代码问题漏洞
EdTv is an online video publishing platform operated by EdTv Corporation. Version 2 of EdTv has a code vulnerability; this vulnerability stems from SQL injection in the id parameter within the admin/editsource section, which may allow for the execution of arbitrary SQL queries and the extraction ...
PT-2026-23683
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit source endpoint with crafted SQL UNION statements to extract database...
CVE-2026-26700
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/editemployee.php...
EUVD-2026-9204
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/editemployee.php...
Personnel Property Equipment System 安全漏洞
Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of the sourcecodester Personnel Property Equipment System contains a security vulnerability, which stems from an SQL injection vulnerability in the...
CVE-2026-26701
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edittecnicaluser.php...
PT-2026-22654
Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software is susceptible to SQL Injection in the '/ppes/admin/edit employee.php' endpoint. The vulnerability exists due to insufficient input validation when...
CVE-2026-26700
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/editemployee.php...
CVE-2019-25490
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...
EUVD-2019-19716
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...
CVE-2019-25490
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...