4 matches found
EUVD-2018-21902
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...
GHSA-XHW7-J96H-C3G5 YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`
Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...
CVE-2025-51683
A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...
CVE-2025-11188
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database...