3656 matches found
GHSA-P864-FQGV-92Q4 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...
EUVD-2026-5641
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...
CVE-2026-24416
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...
CVE-2026-24416 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...
CVE-2026-24416 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...
CVE-2026-24416
CVE-2026-24416 affects OpenSTAManager (v2.9.8 and earlier). A critical Time-Based Blind SQL Injection exists in the article pricing completion path, triggered via the GET parameter idarticolo in the /modules/articoli/ajax/complete.php endpoint. The root cause is an inconsistent query construction...
CVE-2026-24416 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...
CVE-2020-37004
Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search parameters to...
CVE-2020-37004
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...
CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...
CVE-2020-37004
Ultimate Project Manager CRM PRO 2.0.5 is affected by a blind SQL injection vulnerability in the /frontend/get_article_suggestion/ endpoint. An attacker can craft malicious search parameters to perform boolean-based inference and progressively extract usernames and password hashes from the tbl_us...
PT-2026-5279
Name of the Vulnerable Software and Affected Versions Ultimate Project Manager CRM PRO version 2.0.5 Description A blind SQL injection allows attackers to extract usernames and password hashes from the tbl users database table. This is achieved by crafting malicious search parameters at the...
Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)
Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)
Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
CVE-2021-47906
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...
CVE-2021-47906
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...
CVE-2021-47906 BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...
bloofoxCMS security vulnerabilities
BloofoxCMS is a content management system for text-based data, developed by the individual developer of bloofoxCMS. Version 0.5.2.1 of BloofoxCMS has a security vulnerability; this vulnerability stems from a storage-type XSS vulnerability in the articles text parameter, which may allow for the...
CVE-2025-40644
Reflected Cross-Site Scripting XSS vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...
CVE-2025-40644
CVE-2025-40644 is a Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla’s QRGen. An attacker can inject JavaScript via the id parameter in /article.php to run code in a victim’s browser, potentially stealing session cookies or performing actions on behalf of the user. The issue is doc...