4673 matches found
Pharmacy Medical Store and Sale Point 1.0 - (catid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...
Mail.ru: tmgame.mail.ru - Blind sql injection
https://tmgame.mail.ru/action.php?xml=1&acode=comein&buildtype=all&bldID=selectfromselectsleep20a&bldlocID=8 bldID уязвимый get-параметор. Impact Получение данных из бд...
MTN Group: blind sql on [selfcare.mtn.com.af]
Summary: add summary of the vulnerability Steps To Reproduce: add details for how we can reproduce the issue get cid = sql SQL query - SELECT user FROM dual CONAPPMTNA HTTP Request GET /selfcare/HomePageDisplay?cid=26%20AND%20321=6%20AND%20498=498&location=MTNA HTTP/1.1 X-Requested-With:...
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...
CVE-2020-14982
CVE-2020-14982 describes a Blind SQL Injection in Kronos WebTA 3.8.x and later until 4.0, affecting the com.threeis.webta.H352premPayRequest servlet’s SortBy parameter. An attacker with the Employee, Supervisor, or Timekeeper role can read sensitive data from the database. The available connected...
SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection
Alex Peña from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete. PoC The PoC will be displayed once the issue has been remediated...
SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection
Alex Peña from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete. The PoC will be displayed once the issue has been remediated...
WordPress SRS Simple Hits Counter plugin <= 1.0.3 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection SQLi vulnerability found by Alex Peña Tenable in WordPress SRS Simple Hits Counter plugin versions = 1.0.3. Solution Update the WordPress SRS Simple Hits Counter plugin to the latest available version at least 1.0.4...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
CVE-2020-3973
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...
Phase Botnet - Blind SQL Injection Exploit
Exploit for linux platform in category web applications...
WordPress ChopSlider 3 3.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://idangero.us/ Software Link: https://github.com/idangerous/Plugins Version: getrow'SELECT FROM '...
Chopslider <= 3.4 - Unauthenticated Blind SQL Injection
The id parameter of the getscript/index.php page is not sanitised when used in a SQL statement, leading to an unauthenticated blind SQL Injection issue. Vendor was contacted by researcher, on March 3rd, 2020 but no reply was received. The PoC will be displayed once the issue has been remediated...
CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...
Sql injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...
Joomla com_content 1.5 - Blind SQL Injection Vulnerability
Document Title: =============== Joomla comcontent 1.5 - Blind SQL Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2246 Release Date: ============= 2020-05-02 Vulnerability Laboratory ID VL-ID: ====================================...
Zomato: [www.zomato.com] Blind SQL Injection in /php/geto2banner
Hi Team! Our team discovered a Blind SQL Injection by Abusing LocalParams resid in /php/geto2banner We are working to create a full PDF Report as an WriteUp ; Here is a Temporal Exploit based on the Vulnerable request: POST /php/geto2banner HTTP/1.1 Host: www.zomato.com Connection: close...
MiladWorkShop VIP System 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Exploit Author: AYADI Mohamed email : email protected Vendor Homepage: https://miladworkshop.ir/ Software Link:...
CVE-2020-10218
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function...
Sql injection
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function...