CVE-2024-30163
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\store::categoryView method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries...
CVE-2024-30163
Summary (CVE-2024-30163): IPS Community Suite prior to 4.7.16 is affected by an unauthenticated SQL injection in the store.php path, specifically IPS\nexus\modules\front\store_store::_categoryView() where input passed via filter is not sanitized before SQL execution. This allows blind SQL injecti...
CVE-2024-4890
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-5329 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2024-22120
Mode C CVE-2024-22120 affects Zabbix Server where command execution can be triggered through configured scripts. The root cause is inadequate sanitization of the clientip field, enabling a time-based blind SQL injection that can be exploited after a command runs and an audit entry is written to t...
CVE-2024-22120 Time Based SQL Injection in Zabbix Server Audit Log
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection...
CVE-2024-34472
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an...
PT-2024-25923 · Hsc · Hc Mailinspector
Name of the Vulnerable Software and Affected Versions: HSC Mailinspector versions 5.2.17-3 through 5.2.18 Description: An authenticated blind SQL injection issue exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to "/mailinspector/mliRealtimeEmails.php" does not...
PT-2024-24985 · WordPress · Rtmedia For Wordpress
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress versions up to, and including, 4.6.18 Description: The issue allows authenticated attackers with contributor-level access and above to perform blind SQL Injection via the...
Best Student Result Management System v1.0 - Multiple SQLi
Title: Best Student Result Management System v1.0 - Multiple SQLi Author: nu11secur1ty Date: 04/08/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...
CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox
Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records...
Schoolbox SQL Injection Vulnerability
Schoolbox is an online learning platform from Schoolbox Australia. A blind SQL injection vulnerability exists in Schoolbox versions prior to 23.1.3 that allows an authenticated attacker to read, modify, and delete database records...
PT-2024-22261 · Schoolbox · Schoolbox
Name of the Vulnerable Software and Affected Versions: Schoolbox versions prior to 23.1.3 Description: The issue concerns a blind SQL Injection vulnerability in the chat functionality of the Schoolbox application. This vulnerability allows authenticated attackers to read, modify, and delete...
CVE-2024-25893
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25892
ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection Time-based via the familyId GET parameter...
CVE-2024-25897
ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-25896
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...