Lucene search

4673 matches found

Cvelist
added 2022/05/02 6:2 p.m., 17 views

CVE-2022-1367

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 9.9, EPSS 0.00448
Exploits 0, References 1
Cvelist
added 2022/05/02 6:1 p.m., 13 views

CVE-2022-1366

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 9.9, EPSS 0.00316
Exploits 0, References 1
OSV
added 2022/04/19 5:15 p.m., 2 views

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

CVSS 9.8, AI score 7.3
Exploits 0, References 3
CVE
added 2022/04/18 1:18 p.m., 73 views

CVE-2022-26631

CVE-2022-26631 affects the Automatic Question Paper Generator v1.0. The vulnerability is a time-based blind SQL injection exploitable through the id parameter in GET requests, enabling an attacker to infer data from the database. The issue is documented across multiple sources (NVD entry and seve...

CVSS 9.8, AI score 9.8, EPSS 0.00307
Exploits 0, References 2, Affected Software 1
Cvelist
added 2022/04/15 5:31 p.m., 8 views

CVE-2022-27366

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component danceDance.phphy...

AI score 7.5, EPSS 0.00255
Exploits 1, References 1
ATTACKERKB
added 2022/04/14 3:15 p.m., 3 views

CVE-2022-1258

A blind SQL injection vulnerability in the ePolicy Orchestrator ePO extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server...

CVSS 8.4, AI score 7.5, EPSS 0.00241
Exploits 0, References 2
OSV
added 2022/04/14 3:15 p.m., 2 views

CVE-2022-1258

A blind SQL injection vulnerability in the ePolicy Orchestrator ePO extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server...

CVSS 7.2, AI score 6, EPSS 0.00241
Exploits 0, References 1
Packet Storm
added 2022/03/30 12:0 a.m., 243 views

CSZ CMS 1.2.9 SQL Injection

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQL Injection Authenticated; Date: 2021-04-14; Exploit Author: Rahad Chowdhury; Vendor Homepage: https://www.cszcms.com/ ; Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip ; Version: 1.2.9; Tested on: Windows 10, Kali...

AI score 0.3, EPSS 0.00128
Exploits 4
0day.today
added 2022/03/30 12:0 a.m., 301 views

CSZ CMS 1.2.9 - Multiple Blind SQL injection (Authenticated) Vulnerability

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLi Authenticated; Exploit Author: Rahad Chowdhury; Vendor Homepage: https://www.cszcms.com/ ; Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip ; Version: 1.2.9; Tested on: Windows 10, Kali Linux, PHP 7.4.16, Apache...

CVSS 6.5, AI score 0.4, EPSS 0.00128
Exploits 4
Exploit DB
added 2022/03/30 12:0 a.m., 268 views

CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLi Authenticated; Date: 2021-04-14; Exploit Author: Rahad Chowdhury; Vendor Homepage: https://www.cszcms.com/ ; Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip ; Version: 1.2.9; Tested on: Windows 10, Kali Linux, PHP...

CVSS 6.5, AI score 6.6, EPSS 0.00128
Exploits 4
OSV
added 2022/03/29 5:15 p.m., 1 views

CVE-2022-27175

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 6, EPSS 0.0027
Exploits 0, References 1
OSV
added 2022/03/29 5:15 p.m., 2 views

CVE-2022-26666

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 6, EPSS 0.0027
Exploits 0, References 1
OSV
added 2022/03/29 5:15 p.m., 3 views

CVE-2022-26887

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 7.5, EPSS 0.00425
Exploits 0, References 1
NVD
added 2022/03/29 5:15 p.m., 13 views

CVE-2022-0923

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerDialogKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, EPSS 0.00219
Exploits 0, References 1
OSV
added 2022/03/29 5:15 p.m., 3 views

CVE-2022-0923

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerDialogKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 7.5, EPSS 0.00219
Exploits 0, References 1
OSV
added 2022/03/29 5:15 p.m., 2 views

CVE-2022-26349

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEeccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 6
Exploits 0, References 1
CVE
added 2022/03/29 4:37 p.m., 83 views

CVE-2022-26666

Delta Electronics DIAEnergie (all versions before 1.9) contains a blind SQL injection in HandlerECC.ashx that lets an attacker inject arbitrary SQL, retrieve/modify data, and potentially execute system commands. The CVSS v3.1 base score is 9.8 (CRITICAL), with network access, no authentication, a...

CVSS 10, AI score 9.8, EPSS 0.0027
Exploits 0, References 1, Affected Software 1
OSV
added 2022/03/29 4:15 p.m., 1 views

CVE-2021-43701

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/articledb, via the fieldS and orderby parameters...

CVSS 6.5, AI score 6.7, EPSS 0.00128
Exploits 4, References 3
Patchstack
added 2022/03/29 12:0 a.m., 21 views

WordPress Advanced Page Visit Counter <= 6.1.5 - Blind SQL Injection (SQLi) vulnerability

Blind SQL Injection (SQLi) vulnerability discovered by Krzysztof Zając in WordPress Advanced Page Visit Counter versions <= 6.1.5. Solution: Update the WordPress Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin to the latest available version (at least 6.1.6)...

CVSS 8.8, AI score 3.1, EPSS 0.00703
Exploits 2, References 3, Affected Software 1
wpexploit
added 2022/03/29 12:0 a.m., 131 views

Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection

The plugin does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection v = 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvcresetcountart&artID=sleep10 v 6.1.6 -...

CVSS 8.8, AI score 1.9, EPSS 0.00703
Exploits 2