Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/25 2:15 p.m.15 views

EUVD-2018-21902

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS5.9AI score0.0039EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 8:32 p.m.7 views

GHSA-XHW7-J96H-C3G5 YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...

8.8CVSS6.2AI score0.00488EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.11 views

CVE-2025-51683

A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...

0.00381EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/10/11 11:20 a.m.6 views

CVE-2025-11188

The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database...

7.3CVSS8.1AI score0.00278EPSS
Exploits0References1
Rows per page
Query Builder