4698 matches found
Blood Pressure Monitoring System 1.0 SQL Injection
============================================================================================================================================= | Title : Blood Pressure Monitoring System 1.0 Blind Sql Injection injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browse...
Cisco Identity Services Engine REST API Blind SQLi (cisco-sa-ise-rest-5bPKrNtZ)
According to its self-reported version, Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities is affected by a Blind SQL Injection SQLi vulnerability. - Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attack...
CVE-2024-7076
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024...
CVE-2024-6919
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024...
CVE-2024-6919
CVE-2024-6919 is a SQL injection vulnerability in NAC Premium (NACPremium) caused by improper neutralization of special elements, enabling blind SQL injection. Affected versions are through 01082024. Connected documents consistently reference this as a NACPremium issue with potential data exposur...
WordPress ChopSlider3 Id SQL Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress ChopSlider3 id SQLi Scanner', 'Description' = %q The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind...
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump', 'Description' = %q This module uses a blind SQL injection CVE-2020-572...
CVE-2024-20417
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...
CVE-2023-3419
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreatestripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2023-3419
CVE-2023-3419 concerns tagDiv Opt-In Builder (WordPress plugin) with a Blind SQL Injection in the couponId parameter of the recreate_stripe_subscription REST endpoint. Affected versions up to and including 1.4.4 allow an authenticated administrator to append SQL statements to existing queries, en...
ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting
x========================================================================================================================================x | Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software : Readymade Unilevel Ecommerce | Last Update : 15/03/24 TESTED VERSION...
Admidio has Blind SQL Injection in ecard_send.php
Description: An SQL Injection has been identified in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of ecardrecipients POST parameter is being directly concatenated with the SQ...
CVE-2024-38773
CVE-2024-38773: WordPress FormLift for Infusionsoft Web Forms (
CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...
Exploit for SQL Injection in Machform
Description MachForm up to version 19 is affected by an authen...
CVE-2024-3816
Sites managed in S@M CMS Concept Intermedia might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...
CVE-2024-3816
The CVE-2024-3816 entry concerns the S@M CMS (Concept Intermedia) platform. It states a blind SQL Injection vulnerability exploitable via the search bar, affecting only a subset of observed services; the vendor has not investigated the root cause to determine when it occurs. The CVSS v3.1 metrics...
PT-2024-27894 · Concept Intermedia · S@M Cms
Name of the Vulnerable Software and Affected Versions: S@M CMS Concept Intermedia affected versions not specified Description: The issue concerns a blind SQL Injection that can be executed using the search bar in sites managed by S@M CMS. It is noted that only a part of the observed services is...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...