4691 matches found
CVE-2022-29688
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...
CVE-2022-29682
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del...
CVE-2022-29684
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...
CVE-2022-29685
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/levelsort...
CVE-2022-29683
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/pagedel...
CVE-2022-29661
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CVE-2022-29305
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
CVE-2022-28105
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/viewfacility.php...
CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...
CVE-2022-24226
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php...
CVE-2021-43969
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
CVE-2021-43789
PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...
CVE-2021-38393
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query....
CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A...
CVE-2021-24345
The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the idlista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection...
CVE-2021-3860
JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
CVE-2021-25784
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...
CVE-2021-24360
The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks...
CVE-2021-44915
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category...