4673 matches found
Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Date: 05/02/2021 Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 CVE:...
Zenario CMS 8.8.53370 - (id) Blind SQL Injection Vulnerability
Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 Reference -...
SQL Servers Blind SQL Injection Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers...
Online Ordering System 1.0 SQL Injection
Exploit Title: Online Ordering System 1.0 - Blind SQL Injection Unauthenticated Date: 2021-03-04 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: v1.0 Vulnerable...
Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Online Ordering System 1.0 - Blind SQL Injection Unauthenticated Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: v1.0 Vulnerable endpoint:...
Local Services Search Engine Management System 1.0 SQL Injection
Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - Blind & Error based SQL injection Authenticated Date: 2021-03-02 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...
Doctor Appointment System 1.0 Blind SQL Injection Vulnerability
Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in email parameter CVE: CVE-2021-27319 Exploit Author: Nakul Ratti Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
Doctor Appointment System 1.0 SQL Injection
Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in comment parameter Date: 02-03-2021 CVE: CVE-2021-27315 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
Doctor Appointment System 1.0 Blind SQL Injection
Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in email parameter Date: 03-03-2021 CVE: CVE-2021-27319 Exploit Author: Nakul Ratti Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
eChat 1.0 SQL Injection Vulnerability
Exploit Title: eChat | Time-Based Blind SQL Injection Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/10498/echat-simple-chat-system-app-using-phpmysql.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/echat.zip Version:...
SQL injection
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases...
U.S. Dept Of Defense: Blind SQL Injection
Hi DoD Security team, I found Blind SQL Injection in this below domain https://███████ Proof of concept: Vuln URL: https://██████████/██████ PoC: URL encoded POST input ███ was set to -1' OR 321=6 AND 1=1 or '4mEwSPwJ'=' Tests performed: -1' OR 1=1 or '4mEwSPwJ'=' = TRUE -1' OR 2=4 or '4mEwSPwJ'...
GHSA-5V44-7647-XFW9 Blind SQL injection in PrestaShop productcomments module
Impact An attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. Patches The problem is fixed in 4.2.1...
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement...
SQL injection
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement...
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement...
flatCore CMS XSS / File Disclosure / SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: 2.0.0 Build 139 fixed version: Release 2.0.0 Build 139 CVE number: CVE-2021-23835, CVE-2021-23836,...
CVE-2020-23630
A blind SQL injection vulnerability exists in zzcms ver201910 based on time cookie injection...
CVE-2020-23630
CVE-2020-23630 affects ZZCMS ver201910, with a blind SQL injection vulnerability based on time (cookie injection). Multiple sources confirm a SQL injection flaw in ZZCMS 201910 (lack of input validation for SQL statements) that could allow an attacker to execute arbitrary SQL commands. Documented...
MTN Group: Blind SQL Injection
Hello dear support, I have found Blind SQL Injection on https://futexpert.mtngbissau.com/signin/ parameters injectable phonenumber=0&pin=1&submit=Continuar via post URL: https://futexpert.mtngbissau.com/signin/ Post: email=0 my payload :...