TypiCMS-Search-LIKE-Wildcard-Info-Disclosure
TypiCMS Search LIKE Wildcard Information Disclosure A proof-o...
CVE-2018-25339
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that enables unauthenticated attackers to extract database information via time-based blind techniques. Exploitation can be performed to confirm vulnerability and retrieve data, indicating potential impact to confidentiality. Th...
CVE-2026-28562
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics where the ORDER BY clause relies on ineffective esc_sql sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials...
CVE-2026-28562
CVE-2026-28562 affects wpForo 2.4.14. The vulnerability is an unauthenticated SQL injection in Topics::get_topics(), where the ORDER BY clause relies on insufficient esc_sql() sanitization for unquoted identifiers. An attacker can craft wpfob payloads (e.g., using CASE WHEN) to perform blind bool...
CVE-2019-25457
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz' values using time-based blind SQL injectio...
PT-2026-6738
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or...