4673 matches found
CVE-2020-10218
The CVE-2020-10218 entry pertains to Sapplica Sentrifugo 3.2, where a Blind SQL Injection vulnerability exists in the index.php/holidaygroups/add id parameter caused by the HolidaydatesController.php addAction function. The issue allows an attacker to read data from the application’s database. Pu...
CVE-2020-10218
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function...
Sentrifugo HRMS 3.2 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Sentrifugo HRMS 3.2 - 'id' SQL Injection Exploit Author: minhnb Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version: unpatched Category: Web...
Sentrifugo HRMS 3.2 - id SQL Injection
Sentrifugo HRMS 3.2 - id SQL Injection Exploit Title: Sentrifugo HRMS 3.2 - 'id' SQL Injection Exploit Author: minhnb Website: Date: 2020-03-06 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched...
Sentrifugo HRMS 3.2 - 'id' SQL Injection
Exploit Title: Sentrifugo HRMS 3.2 - 'id' SQL Injection Exploit Author: minhnb Website: Date: 2020-03-06 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version: unpatched Category: Web Applicatio...
Sentrifugo HRMS 3.2 SQL Injection
Exploit Title: Sentrifugo HRMS 3.2 - 'id' SQL Injection Exploit Author: minhnb Website: Date: 2020-03-06 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version: unpatched Category: Web Applicatio...
Razer: Blind SQL Injection at http://easytopup.in.th/es-services/mps.php via serial_no parameter
The tester determined a Razer Gold Thailand server was vulnerable to a boolean-based blind SQL injection attack. Razer thanks the tester for the very clear PoC...
Mail.ru: [windows10.hi-tech.mail.ru] Blind SQL Injection
Good morning! Today I managed to find a blind SQL injection on your site, though it looks like it is out of scope again. URL: https://windows10.hi-tech.mail.ru/api/tweets?cityid=select0fromselectsleep25v Request: GET /api/tweets?cityid=select0fromselectsleep25v HTTP/1.1 Host: windows10.hi-tech.mail.ru User-Agent: Mozilla/5.0 X1...
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability)...
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). Recent assessments: h00die at January 20, 2021 1:48am UTC reported: A blind, time based SQL...
PT-2020-10397 · Unknown · Email Subscribers & Newsletters
Name of the Vulnerable Software and Affected Versions: Email Subscribers & Newsletters versions prior to 4.3.1 Description: The issue is related to a blind SQL injection vulnerability. It allowed SQL statements to be passed to the database in the hash parameter. Recommendations: For versions prio...
InnoGames: Blind SQL Injection
Summary of the Issue A Time Based Blind SQL injection vulnerability was detected on www.innogames.com. Using a specifically crafted payload it was possible to extract database entries. Vulnerable endpoint: https://www.innogames.com/ Steps to reproduce: 1. Getting two states for boolean based sql...
Andor - Blind SQL Injection Tool With Golang
Blind SQL Injection Tool with Golang. Usage: Download andor.go and go to the folder where the file andor.go is located. Then type this at the command prompt: go run andor.go --url "http://deneme.com/index.php?id=1" Note: The GET parameter value must be correct, otherwise it will not work. Download Andor...
Email Subscribers & Newsletters < 4.2.3 - Multiple Issues
- Unauthenticated File Download leading to Information Disclosure - Blind SQL Injection in INSERT statement - Insecure Permissions on Dashboard and Settings - CSRF on Settings - Send Test Emails from the Administrative Dashboard as an Authenticated User with a role of Subscriber and above -...
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested on:...
Computrols CBAS-Web 19.0.0 Blind SQL Injection
Computrols CBAS-Web Authenticated Boolean-based Blind SQL Injection Affected versions: 19.0.0 and below CVE: CVE-2019-10852 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system by Gjoko 'LiquidWorm' Krstic PoC id...
CBAS-Web 19.0.0 - id Boolean-based Blind SQL Injection
CBAS-Web 19.0.0 - id Boolean-based Blind SQL Injection Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...
CBAS-Web 19.0.0 - (id) Boolean-based Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Mail.ru: Blind SQL Injection on news.mail.ru
Blind time based SQL injection in news.mail.ru due to insecure use of user-controlled GET parameter...
rimbalinux AhadPOS 1.11 - (alamatCustomer) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/rimbalinux/AhadPOS Software Link: https://github.com/rimbalinux/AhadPOS.git Version: 1.11 Tested on: CentOS 7 CVE...