4663 matches found
CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...
CVE-2024-38773
CVE-2024-38773: WordPress FormLift for Infusionsoft Web Forms (
Exploit for SQL Injection in Machform
Description MachForm up to version 19 is affected by an authen...
CVE-2024-3816
Sites managed in S@M CMS Concept Intermedia might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...
CVE-2024-3816
The CVE-2024-3816 entry concerns the S@M CMS (Concept Intermedia) platform. It states a blind SQL Injection vulnerability exploitable via the search bar, affecting only a subset of observed services; the vendor has not investigated the root cause to determine when it occurs. The CVSS v3.1 metrics...
PT-2024-27894 · Concept Intermedia · S@M Cms
Name of the Vulnerable Software and Affected Versions: S@M CMS Concept Intermedia affected versions not specified Description: The issue concerns a blind SQL Injection that can be executed using the search bar in sites managed by S@M CMS. It is noted that only a part of the observed services is...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...
FengOffice 3.11.1.2 SQL Injection
Exploit Title: FengOffice - Blind SQL Injection Date: 06/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html Steps to Reproduce: 1. Login to application 2. Click on "Workspaces" 3. Copy full U...
CVE-2024-30163
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\store::categoryView method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries...
CVE-2024-30163
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\store::categoryView method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries...
CVE-2024-30163
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\store::categoryView method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries...
CVE-2024-30163
Summary (CVE-2024-30163): IPS Community Suite prior to 4.7.16 is affected by an unauthenticated SQL injection in the store.php path, specifically IPS\nexus\modules\front\store_store::_categoryView() where input passed via filter is not sanitized before SQL execution. This allows blind SQL injecti...
CVE-2024-4890
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-5329 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to blind SQL Injection via the ‘dataaddonID’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2024-22120
Mode C CVE-2024-22120 affects Zabbix Server where command execution can be triggered through configured scripts. The root cause is inadequate sanitization of the clientip field, enabling a time-based blind SQL injection that can be exploited after a command runs and an audit entry is written to t...
CVE-2024-22120 Time Based SQL Injection in Zabbix Server Audit Log
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...
CVE-2024-22120 Time Based SQL Injection in Zabbix Server Audit Log
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...
CVE-2024-34472
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an...
PT-2024-25923 · Hsc · Hc Mailinspector
Name of the Vulnerable Software and Affected Versions: HSC Mailinspector versions 5.2.17-3 through 5.2.18 Description: An authenticated blind SQL injection issue exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to "/mailinspector/mliRealtimeEmails.php" does not...