
4670 matches found

0day.today
added 2023/12/04 12:00 a.m. · 357 views

GaatiTrack Courier Management System 1.0 SQL Injection Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php Version: v1.0 Teste...

CVSS 9.8 · AI score 7.4 · EPSS 0.00177
Exploits 3
Hacker One
added 2023/11/28 5:25 p.m. · 19 views

Mars: Blind SQL Injection on █████ via URI Path

The vulnerability involved a time-based SQL injection attack on the target system via the URI path. The attack capitalized on vulnerabilities in the application's interactions with the database, allowing the attacker to extract information by purposefully delaying database processing and observin...

AI score 8
Exploits 0
OSV
added 2023/11/07 3:15 p.m. · 4 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
Prion
added 2023/11/07 8:15 a.m. · 8 views

SQL injection

Blind SQL injection in the apiid parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query...

CVSS 7.5 · AI score 8.1 · EPSS 0.10676
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2023/11/07 12:00 a.m. · 12 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...

AI score 10 · EPSS 0.00352
Exploits 1 · References 1
CVE
added 2023/11/07 12:00 a.m. · 47 views

CVE-2023-42283

The CVE-2023-42283 issue affects Tyk Gateway 5.0.3, where a blind SQL injection in the api_id parameter enables an attacker to access and dump the database. The root cause is the lack of input handling for the api_id parameter in the affected endpoint, as described in multiple sources. A PoC/expl...

CVSS 9.8 · AI score 9.6 · EPSS 0.10676
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2023/11/07 12:00 a.m. · 16 views

CVE-2023-42284

Blind SQL injection in the apiversion parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query...

AI score 7.8 · EPSS 0.09931
Exploits 2 · References 1
CVE
added 2023/11/07 12:00 a.m. · 34 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection in the 'start' parameter of patients/index.php. The issue stems from improper handling of user input in that endpoint, enabling an attacker to infer data via time-based responses. Impact is described as high/confidentiality, integ...

CVSS 9.8 · AI score 9.7 · EPSS 0.00352
Exploits 1 · References 1 · Affected Software 1
CVE
added 2023/11/07 12:00 a.m. · 34 views

CVE-2023-42284

CVE-2023-42284 concerns Tyk Gateway 5.0.3. The vulnerability is a blind SQL injection in the API parameter api_version, enabling an attacker to access and dump the database via a crafted query. Reported impact is high (database exposure/compromise) with CVSS 3.1 base score 9.8 (CRITICAL) from NV...

CVSS 9.8 · AI score 9.6 · EPSS 0.09931
Exploits 2 · References 1 · Affected Software 1
Prion
added 2023/10/26 5:15 p.m. · 17 views

Design/Logic Flaw

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection...

CVSS 5.8 · AI score 7.4 · EPSS 0.00086
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/10/26 4:36 p.m. · 16 views

CVE-2023-5624 Blind SQL Injection

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection...

CVSS 7.2 · AI score 7.9 · EPSS 0.00086
Exploits 0 · References 1
NVD
added 2023/10/25 6:17 p.m. · 11 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 7.2 · AI score 5.7 · EPSS 0.00095
Exploits 0 · References 1
Vulnrichment
added 2023/10/24 8:25 p.m. · 13 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 4.1 · AI score 7.8 · EPSS 0.00095
Exploits 0 · References 1
Positive Technologies
added 2023/10/24 12:00 a.m. · 2 views

PT-2023-29831 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3. Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Recommendations: For ThinkSystem versions v2 and v3, consider...

CVSS 7.2 · AI score 7.2 · EPSS 0.00095
Exploits 0 · References 4
WPVulnDB
added 2023/10/20 12:00 a.m. · 13 views

Horizontal scrolling announcement <= 9.2 - Authenticated (subscriber+) Blind SQL Injection

Description: The plugin did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing low-privilege users (subscriber+) to perform a Blind SQL Injection attack...

CVSS 8.8 · AI score 7.4 · EPSS 0.00265
Exploits 1
Vulnrichment
added 2023/10/17 8:02 p.m. · 9 views

CVE-2023-43794 SQL Injection in nocodb

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

CVSS 6.5 · AI score 6.6 · EPSS 0.00289
Exploits 1 · References 1
0day.today
added 2023/10/16 12:00 a.m. · 482 views

ChurchCRM 4.5.4 SQL Injection Exploit

Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...

CVSS 8.8 · AI score 7.1 · EPSS 0.00124
Exploits 3
Packet Storm
added 2023/10/16 12:00 a.m. · 352 views

ChurchCRM 4.5.4 SQL Injection

Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...

CVSS 8.8 · AI score 7.1 · EPSS 0.00124
Exploits 3
Kitploit
added 2023/10/15 12:31 a.m. · 25 views

HBSQLI - Automated Tool For Testing Header Based Blind SQL Injection

HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind SQL injection vulnerabilities, making it easier for security researchers, penetration testers and bug bounty hunters to tes...

AI score 8.2
Exploits 0 · References 1
NVD
added 2023/10/13 1:15 p.m. · 16 views

CVE-2023-45162

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23169. SaaS implementations on v23.7.1...

CVSS 9.9 · AI score 9.8 · EPSS 0.00086
Exploits 0 · References 2