
4673 matches found

Cvelist
added 2021/08/30 5:30 p.m., 12 views

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...

10 AI score, 0.01066 EPSS
Exploits 0, References 1

OSV
added 2021/08/30 4:15 a.m., 2 views

CVE-2021-37749

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 aka 16.6.2.66 allows blind SQL Injection via the Id within sourceItems parameter to the GetMap method...

9.8 CVSS, 5.8 AI score, 0.00675 EPSS
Exploits 1, References 3

NVD
added 2021/08/30 4:15 a.m., 7 views

CVE-2021-37749

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 aka 16.6.2.66 allows blind SQL Injection via the Id within sourceItems parameter to the GetMap method...

10 CVSS, 0.00675 EPSS
Exploits 1, References 3

Prion
added 2021/08/30 4:15 a.m., 16 views

Sql injection

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 aka 16.6.2.66 allows blind SQL Injection via the Id within sourceItems parameter to the GetMap method...

10 CVSS, 9.7 AI score, 0.00675 EPSS
Exploits 1, References 3, Affected Software 1

CVE
added 2021/08/30 3:20 a.m., 40 views

CVE-2021-37749

The CVE-2021-37749 entry concerns Hexagon GeoMedia WebMap 2020 prior to Update 2 (16.6.2.66). A vulnerability in MapService.svc allows blind SQL injection via the Id (within sourceItems) parameter to the GetMap method. CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no user interac...

10 CVSS, 9.7 AI score, 0.00675 EPSS
Exploits 1, References 3, Affected Software 1

Huntr
added 2021/08/26 3:2 a.m., 10 views

SQL Injection in opensourcepos/opensourcepos

✍️ Description The Application is vulnerable to blind SQL Injection 🕵️‍♂️ Proof of Concept URL: https://dev.opensourcepos.org/itemkits/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...

0.2 AI score
Exploits 0, References 1

Cvelist
added 2021/08/02 10:32 a.m., 14 views

CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections

The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...

9.3 AI score, 0.00532 EPSS
Exploits 2, References 1

Exploit DB
added 2021/07/29 12:0 a.m., 455 views

Oracle Fatwire 6.3 - Multiple Vulnerabilities

Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Date: 29/07/2021 Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss:...

7.4 AI score
Exploits 0

0day.today
added 2021/07/29 12:0 a.m., 170 views

Oracle Fatwire 6.3 - Multiple Vulnerabilities

Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss: https://IPADDRESS/cs/Satellite?c=Page&cid=xxxx&pagename=xxxx&ad...

0.1 AI score
Exploits 0

Packet Storm
added 2021/07/29 12:0 a.m., 392 views

Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection

Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Date: 29/07/2021 Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss:...

7.4 AI score
Exploits 0

GithubExploit
added 2021/07/28 10:27 a.m., 99 views

Exploit for SQL Injection in Virtuasoftware Cobranca

My CVEs Collection of PoC to my C...

7.5 CVSS, 7.5 AI score, 0.85714 EPSS
Exploits 5

Exploit DB
added 2021/07/28 12:0 a.m., 646 views

TripSpark VEO Transportation - Blind SQL Injection

Exploit Title: TripSpark VEO Transportation - 'editOEN' Blind SQL Injection Google Dork: inhtml:"Student Busing Information" Date: 07/27/2021 Exploit Author: Sedric Louissaint @LKn0w Vendor Homepage: https://www.tripspark.com Software Document Link:...

7.4 AI score
Exploits 0

0day.today
added 2021/07/28 12:0 a.m., 97 views

TripSpark VEO Transportation - Blind SQL Injection Vulnerability

Exploit Title: TripSpark VEO Transportation - 'editOEN' Blind SQL Injection Google Dork: inhtml:"Student Busing Information" Exploit Author: Sedric Louissaint @LKn0w Vendor Homepage: https://www.tripspark.com Software Document Link: https://www.tripspark.com/resourcefiles/veo-transportation.pdf...

Exploits 0

Cvelist
added 2021/07/22 11:54 a.m., 15 views

CVE-2021-30486

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...

9.4 AI score, 0.00257 EPSS
Exploits 1, References 1

CVE
added 2021/07/22 11:54 a.m., 40 views

CVE-2021-30486

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). The CVE-2021-30486 entries confirm this remote, ...

8.8 CVSS, 9.1 AI score, 0.00257 EPSS
Exploits 1, References 1, Affected Software 1

WPVulnDB
added 2021/07/15 12:0 a.m., 62 views

Woocommerce 3.3 to 5.5 - Authenticated Blind SQL Injection

The plugin was reported to be affected by a critical Authenticated Blind SQL Injection vulnerability. PoC http://www.example.com/wp-json/wc/store/products/collection-data?calculateattributecounts0taxonomy=a%252522%252529%252520or%252520sleep%25252810.1%252529%252523...

4 CVSS, 6.3 AI score, 0.02007 EPSS
Exploits 2, References 6, Affected Software 1

wpexploit
added 2021/07/15 12:0 a.m., 1243 views

Woocommerce 3.3 to 5.5 - Authenticated Blind SQL Injection

The plugin was reported to be affected by a critical Authenticated Blind SQL Injection vulnerability. http://www.example.com/wp-json/wc/store/products/collection-data?calculateattributecounts0taxonomy=a%252522%252529%252520or%252520sleep%25252810.1%252529%252523...

4 CVSS, 6.4 AI score, 0.02007 EPSS
Exploits 2, References 6

NVD
added 2021/07/09 2:15 p.m., 29 views

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...

9.8 CVSS, 0.01199 EPSS
Exploits 0, References 2

OSV
added 2021/07/08 4:15 p.m., 0 views

CVE-2020-20585

A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information...

7.5 CVSS, 7.2 AI score
Exploits 0, References 3

Patchstack
added 2021/06/29 12:0 a.m., 10 views

WordPress Popup box plugin <= 2.3.3 - Authenticated Blind SQL Injection (SQLi) vulnerability

Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Popup box plugin versions <= 2.3.3. Solution: Update the WordPress Popup box plugin to the latest available version (at least 2.3.4)...

8.8 CVSS, 2.5 AI score, 0.00532 EPSS
Exploits 2, References 3, Affected Software 1