Online Graduate Tracer System 1.0 SQL Injection
Exploit Title: Online Graduate Tracer System - Multiple SQLi Date: 24/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html Software Download:...
Online Graduate Tracer System - Multiple SQL injection Vulnerabilities
A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System allows remote unauthenticated attackers to execute remote arbitrary SQL commands through the "age" parameter. Description: A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System...
CVE-2023-0875
The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users...
CVE-2023-23315
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method stripejsValidationModuleFrontController::initContent has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
PT-2023-18904 · Prestashop · Stripejs
Name of the Vulnerable Software and Affected Versions: PrestaShop e-commerce platform module stripejs versions up to 4.5.5 Description: The issue concerns a Blind SQL injection vulnerability. The method stripejsValidationModuleFrontController::initContent contains sensitive SQL calls that can be...
K25160703: BIG-IP AFM vulnerability CVE-2020-5920
Security Advisory Description A vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. CVE-2020-5920 Impact An attacker may be able to extract table name enumeration and user account names. All other data...
Blind SQL Injection via GridFieldSortableHeader
Gridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability. An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state...
CVE-2022-26959
CVE-2022-26959 describes two full Blind/Time-based SQL injection vulnerabilities in Northstar Club Management v6.3. The flaws affect: (1) processlogin.jsp in /northstar/Portal/ via the userName parameter, and (2) login.jsp in /northstar/iphone/ via the userID parameter. Exploitation could grant f...
WordPress Ketchup Restaurant Reservations plugin <= 1.0.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection (SQLi) vulnerability discovered by Bastijn Ouwendijk in WordPress Ketchup Restaurant Reservations plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of August 29, 2022 and is not available for download. This closure is...
CVE-2022-36201
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...
Design/Logic Flaw
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...
Crime Reporting System 1.0 SQL Injection
Exploit Title: Crime Reporting System - Blind SQL Injection on Login email parameter Date: 31/07/2022 Exploit Author: saitamang Vendor Homepage: code-projects.org Software Link:...
Transposh WordPress Translation 1.0.8.1 SQL Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Improper Authorization CWE-285 Date found: 2022-02-21 Date...
CVE-2022-24690
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via crafted HTTP requests. The type of SQL Injection is blind boolean based. An unauthenticated attacker...
CVE-2022-24691
CVE-2022-24691 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The vulnerability is a blind boolean-based SQL Injection that allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests.
CVE-2022-24690
CVE-2022-24690: A blind boolean-based SQL injection in PresAbs.php on DSKNet 2.16.136.0 and 2.17.136.5 allows unauthenticated attackers to taint database data and extract sensitive information (e.g., user badge numbers and PINs) via crafted HTTP requests. The issue is linked to Broken Access Con...
Sql injection
A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection Blind. It is possible to initiate the...
CVE-2022-34972
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the attvalueid, manuvalueid, optvalueid, and subcatevalueid parameters at /index.php?route=extension/module/sofiltershopby/filterdata...
CVE-2021-44915
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category...