BIT-JOOMLA-2026-35221 Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

CVE-2019-10852

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers=startpulling= substring...

ABB Cylon Aspect 3.08.03 (productRemovalUpdate.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...

ABB Cylon Aspect 3.08.03 (logMixDownload.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...

ABB Cylon Aspect 3.08.02 (servicesUpdate.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...

CVE-2024-30256

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117...

CVE-2024-30256

CVE-2024-30256 affects Open WebUI prior to version 0.1.117. The vulnerability is an authenticated blind server-side request forgery (SSRF) in the backend, specifically in the function download_file_stream() inside Open WebUI’s backend/apps/web/routers/utils.py, exploitable via the url parameter. ...

CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections

The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...

WordPress Survey Maker plugin <= 1.5.5 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Survey Maker plugin versions = 1.5.5. Solution Update the WordPress Survey Maker plugin to the latest available version at least 1.5.6...

Popup box < 2.3.4 - Authenticated Blind SQL Injections

The getayspopupboxes and getpopupcategories functions of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Exploit All of them with same technique. SQLMAP:...

CVE-2020-12513

Pepperl+Fuchs Comtrol IO-Link Master Series is affected by CVE-2020-12513. Vulnerable versions include System 1.36 and Application 1.5.28 (and 1.5.48 and earlier per CVE listing) with an authenticated blind OS Command Injection. Fixed versions are System 1.52 and Application 1.6.11. The vulnerabi...

Sql injection

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...

rk-responsive-contact-form 1.0 - Authenticated Blind SQL Injection

The rk-responsive-contact-form WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

ZM Gallery 1.0 – Authenticated Blind SQL Injection

The plugin is still affected and has been closed. Type user access: admin user. $GET‘order’ is escaped wrong. Attack with Blind Injection PoC python sqlmap.py -u "http://www.example.com/wp-admin/admin.php?page=zmgallery=name=desc" --dbs --cookie="cookie of admin user" --level=5 --dbms=mysql...