CVE-2022-29688
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...
CVE-2022-29687
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del...
CVE-2022-29687
CVE-2022-29687 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/level_del, enabling potential unauthorized SQL execution. Per the CVE, impact includes partial confidentiality, integrity, and availability (CVSS 3.1: HIGH impact). No explic...
CVE-2022-29686
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan...
CVE-2022-29685
CVE-2022-29685 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection in the id parameter of /admin.php/User/level_sort, caused by lack of input validation. This can lead to unauthorized SQL execution and exposure of database data (confidentiality, integrity, and avail...
CVE-2022-29685
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort...
CVE-2022-29684
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...
CVE-2022-29682
CVE-2022-29682 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection reachable via the id parameter in the administrative endpoint: /admin.php/vod/admin/topic/del. Public advisories describe the issue as an SQL injection that allows potentially unauthorized SQL statem...
CVE-2022-29681
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del...
CVE-2022-29680
CVE-2022-29680 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/zu_del due to lack of input validation, enabling potential unauthorized access to database data. CVSS metrics present: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD 3.1) and CVSS2...
CVE-2022-29661
CVE-2022-29661 affects CSCMS Music Portal System v4.2. It has a blind SQL injection in the id parameter of /admin.php/pic/admin/type/save due to lack of input validation, enabling an attacker to execute SQL statements and potentially exfiltrate data. Root cause: unsanitized id parameter. Impact a...
CVE-2022-29661
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
CVE-2021-35487
Summary: CVE-2021-35487 affects Nokia Broadcast Message Center up to version 11.1.0. An authenticated user can perform a Boolean Blind SQL Injection on the /owui/block/send-receive-updates endpoint via the extIdentifier HTTP POST parameter, enabling retrieval of the database user, database name,...
SQL injection in helloxz/imgurl
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
GHSA-RRJV-34P5-4C7R SQL injection in helloxz/imgurl
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
CVE-2022-29305
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
SQL injection
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
CVE-2022-29305
CVE-2022-29305 concerns imgurl v2.31, which has a Blind SQL injection vulnerability located at /upload/localhost. Multiple connected sources describe the issue as an SQL injection stemming from unsanitized input in the upload handling (e.g., Veracode notes exploitation via the query parameter in ...