
6 matches found

RedhatCVE
added 2026/01/30 3:39 p.m., 6 views

CVE-2020-37004

Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search parameters to...

CVSS 8.2, AI score 5.9, EPSS 0.00221
Exploits 0, References 1
NVD
added 2026/01/29 3:16 p.m., 4 views

CVE-2020-37004

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

CVSS 8.2, EPSS 0.00221
Exploits 0, References 3
CVE
added 2026/01/29 2:28 p.m., 13 views

CVE-2020-37004

Ultimate Project Manager CRM PRO 2.0.5 is affected by a blind SQL injection vulnerability in the /frontend/get_article_suggestion/ endpoint. An attacker can craft malicious search parameters to perform boolean-based inference and progressively extract usernames and password hashes from the tbl_us...

CVSS 8.2, AI score 5.9, EPSS 0.00221
Exploits 0, References 3
Vulnrichment
added 2026/01/29 2:28 p.m., 6 views

CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

CVSS 8.2, AI score 5.9, EPSS 0.00221
Exploits 0, References 3
Positive Technologies
added 2026/01/29 12:0 a.m., 7 views

PT-2026-5279

Name of the Vulnerable Software and Affected Versions: Ultimate Project Manager CRM PRO version 2.0.5. Description: A blind SQL injection allows attackers to extract usernames and password hashes from the tbl users database table. This is achieved by crafting malicious search parameters at the...

CVSS 8.2, AI score 5.9, EPSS 0.00221
Exploits 0, References 5
OSV
added 2018/01/23 6:29 p.m., 2 views

CVE-2017-17999

SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...

CVSS 9.8, AI score 6.1, EPSS 0.03408
Exploits 5, References 2