
4698 matches found

Packet Storm
added 2024/09/24 12:0 a.m. · 250 views

Blood Pressure Monitoring System 1.0 SQL Injection

Title: Blood Pressure Monitoring System 1.0 Blind Sql Injection injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browse...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2024/09/10 12:0 a.m. · 27 views

Cisco Identity Services Engine REST API Blind SQLi (cisco-sa-ise-rest-5bPKrNtZ)

According to its self-reported version, Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities is affected by a Blind SQL Injection (SQLi) vulnerability. - Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attack...

8.1 CVSS · 6.1 AI score · 0.00498 EPSS
Exploits: 0 · References: 6
ATTACKERKB
added 2024/09/04 3:15 p.m. · 7 views

CVE-2024-7076

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024...

9.8 CVSS · 5.8 AI score · 0.00465 EPSS
Exploits: 0 · References: 3
ATTACKERKB
added 2024/09/02 6:15 p.m. · 4 views

CVE-2024-6919

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024...

9.8 CVSS · 5.8 AI score · 0.00421 EPSS
Exploits: 0 · References: 3
CVE
added 2024/09/02 12:25 p.m. · 56 views

CVE-2024-6919

CVE-2024-6919 is a SQL injection vulnerability in NAC Premium (NACPremium) caused by improper neutralization of special elements, enabling blind SQL injection. Affected versions are through 01082024. Connected documents consistently reference this as a NACPremium issue with potential data exposur...

9.8 CVSS · 5.8 AI score · 0.00421 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Packet Storm
added 2024/09/01 12:0 a.m. · 158 views

WordPress ChopSlider3 Id SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress ChopSlider3 id SQLi Scanner', 'Description' = %q The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind...

9.8 CVSS · 7 AI score · 0.95657 EPSS
Exploits: 8
Packet Storm
added 2024/08/31 12:0 a.m. · 403 views

Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump', 'Description' = %q This module uses a blind SQL injection CVE-2020-572...

9.8 CVSS · 7 AI score · 0.11875 EPSS
Exploits: 4
OSV
added 2024/08/21 8:15 p.m. · 3 views

CVE-2024-20417

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

8.1 CVSS · 5.9 AI score · 0.00498 EPSS
Exploits: 0 · References: 1
NVD
added 2024/08/17 10:15 a.m. · 19 views

CVE-2023-3419

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreatestripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2 CVSS · 0.00557 EPSS
Exploits: 0 · References: 2
NVD
added 2024/08/17 10:15 a.m. · 22 views

CVE-2023-3416

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.2 CVSS · 0.00561 EPSS
Exploits: 0 · References: 2
CVE
added 2024/08/17 9:38 a.m. · 83 views

CVE-2023-3419

CVE-2023-3419 concerns tagDiv Opt-In Builder (WordPress plugin) with a Blind SQL Injection in the couponId parameter of the recreate_stripe_subscription REST endpoint. Affected versions up to and including 1.4.4 allow an authenticated administrator to append SQL statements to existing queries, en...

7.2 CVSS · 7.3 AI score · 0.00557 EPSS
Exploits: 0 · References: 2
Packet Storm
added 2024/08/02 12:0 a.m. · 348 views

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

Title: Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software: Readymade Unilevel Ecommerce | Last Update: 15/03/24 TESTED VERSION...

7.4 AI score
Exploits: 0
Github Security Blog
added 2024/07/29 4:31 p.m. · 22 views

Admidio has Blind SQL Injection in ecard_send.php

Description: An SQL Injection has been identified in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of ecardrecipients POST parameter is being directly concatenated with the SQ...

9.9 CVSS · 8.7 AI score · 0.00931 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
CVE
added 2024/07/22 10:7 a.m. · 54 views

CVE-2024-38773

CVE-2024-38773: WordPress FormLift for Infusionsoft Web Forms (

9.8 CVSS · 9.7 AI score · 0.02004 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/07/22 10:7 a.m. · 33 views

CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

9.3 CVSS · 0.02004 EPSS
Exploits: 0 · References: 1
GithubExploit
added 2024/07/01 10:39 a.m. · 337 views

Exploit for SQL Injection in Machform

Description MachForm up to version 19 is affected by an authen...

8.8 CVSS · 7 AI score · 0.00831 EPSS
Exploits: 2
NVD
added 2024/06/28 1:15 p.m. · 23 views

CVE-2024-3816

Sites managed in S@M CMS Concept Intermedia might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears...

9.8 CVSS · 0.00483 EPSS
Exploits: 0 · References: 2
CVE
added 2024/06/28 12:45 p.m. · 51 views

CVE-2024-3816

The CVE-2024-3816 entry concerns the S@M CMS (Concept Intermedia) platform. It states a blind SQL Injection vulnerability exploitable via the search bar, affecting only a subset of observed services; the vendor has not investigated the root cause to determine when it occurs. The CVSS v3.1 metrics...

9.8 CVSS · 9.8 AI score · 0.00483 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/06/28 12:0 a.m. · 5 views

PT-2024-27894 · Concept Intermedia · S@M Cms

Name of the Vulnerable Software and Affected Versions: S@M CMS Concept Intermedia affected versions not specified Description: The issue concerns a blind SQL Injection that can be executed using the search bar in sites managed by S@M CMS. It is noted that only a part of the observed services is...

9.8 CVSS · 8.2 AI score · 0.00483 EPSS
Exploits: 0 · References: 3
Packet Storm
added 2024/06/13 12:0 a.m. · 226 views

Lost And Found Information System 1.0 SQL Injection

Exploit Title: Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...

7.4 AI score · 0.00865 EPSS
Exploits: 2