4673 matches found
CVE-2021-43789
CVE-2021-43789 affects PrestaShop prior to 1.7.8.2. The vulnerability is a blind SQL injection in search filters, specifically through the “orderBy” and “sortOrder” fields. The issue is fixed in version 1.7.8.2. Public references and OSV/GHSA entries reiterate the...
CVE-2021-25784
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
SQL injection
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search...
SQL injection
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
CVE-2021-25783
Taocms v2.5Beta5 has a blind SQL injection vulnerability in the Article Search function. The issue is documented across multiple sources as a SQL injection flaw in TaoCMS, with no public exploitation details provided in these connected entries. Per the CVE record, the vulnerability carries a CVSS...
CVE-2022-38148 - Blind SQL Injection via GridFieldSortableHeader
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38148...
CVE-2021-3958
Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows Blind SQL Injection. This issue affects Ipack SCADA Software: from unspecified before 1.1.0...
CVE-2021-3958
CVE-2021-3958 is a SQL injection vulnerability in IPack SCADA Automation Software caused by improper handling of parameters. It affects IPack SCADA Software versions prior to 1.1.0 and is described as Blind SQL Injection with potential for remote exploitation over network. Public records indicate...
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue PoC...
Fuel CMS 1.4.13 SQL Injection
Exploit Title: Fuel CMS 1.4.13 - 'col' Parameter Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP...
Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)
Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16,...
Fuel CMS 1.4.13 - (col) Blind SQL Injection Vulnerability
Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16, Apache 2.4.46 Steps...
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
SQL injection
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
CVE-2021-28022
CVE-2021-28022 affects ServiceTonic Helpdesk software prior to 9.0.35937. The root cause is a blind SQL injection in the login form, allowing an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. Affected product: ServiceTonic Helpdesk. Impact stated i...
Opencart 3 Extension TMD Vendor System - Blind SQL Injection Exploit
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link: https://www.opencartextensions.in/opencart-multi-vendor-multi-seller-marketplace...
Opencart 3 Extension TMD Vendor System SQL Injection
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...
CVE-2020-21725
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...