13182 matches found
Mumara Classic 2.93 - (license) SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic through 2.93...
Wuzhi CMS SQL Injection (CVE-2021-40674)
An SQL injection vulnerability exists in Wuzhi CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection Vulnerability
Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor /pentaho/api/repos/dashboards/editor in order to test the connectio...
SQL Injection
DolphinScheduler is vulnerable to SQL injection. The vulnerability exists due to a lack of sanitization of user input in the data source center, allowing authorized malicious users to inject and execute arbitrary SQL queries...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the NamesList.php parameter...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the ResetUserInfo.php passwordstnid parameter...
CVE-2021-41154
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144,...
CVE-2021-41147
CVE-2021-41147 affects Tuleap Open ALM. An attacker with admin rights in a single agile dashboard service can execute arbitrary SQL queries, impacting Community Edition < 11.16.99.173 and Enterprise Edition < 11.16-6
Nagios XI SQL Injection Vulnerability (CNVD-2021-90908)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A SQL injection vulnerability exists in the bulk modification feature of Nagios XI versions prior to 5.8.5. An attacker could exploit...
CVE-2021-33177
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries...
SourceCodester Hotel and Lodge Management System SQL Injection Vulnerability (CNVD-2021-95730)
SourceCodester Hotel and Lodge Management System is a hotel and lodge management system. SourceCodester Hotel and Lodge Management System suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands via email parameters...
CVE-2021-40842
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...
CVE-2020-21012
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...
Nuance Winscribe Dictation SQL Injection (CVE-2021-37599)
An SQL injection vulnerability exists in Nuance Winscribe Dictation. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Simple Attendance System 1.0 SQL Injection
Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi Exploit Author: t//\1 Date: September 21, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Tested on: Linux Version: v1.0 Exploit Description: The...
The vulnerability of the software for selling tickets at theme parks, the Theme Park Ticketing System, arises from the lack of measures taken to protect the SQL query structure. This allows a hacker to execute arbitrary SQL code.
The vulnerability of the software for selling tickets at theme parks, the Theme Park Ticketing System, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by executing the viewuser.php...
PHPGurukul Apartment Visitors Management System SQL Injection Vulnerability
PHPGurukul Apartment Visitors Management System is an apartment visitor management system from the PHPGurukul team. A SQL injection vulnerability exists in PHPGurukul Apartment Visitors Management System version 1.0. The vulnerability can be exploited to...
CVE-2021-38706
messagesload.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter...
Rapid7 Nexpose SQL Injection (CVE-2020-7383)
An SQL injection vulnerability exists in Rapid7 Nexpose. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...