CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugin's pro features, an...
MStore API < 3.9.8 - Unauthenticated Blind SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugin's pro features, and uses the woocommerce-appointment...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
CVE-2019-9053 Exploit Python 3 This repository contains an e...
Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
The plugin does not properly escape values used in SQL queries, leading to a Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must also be installed for this vulnerability to b...
Delta Electronics DIAEnergie Blind SQLi (CVE-2022-26013)
Binary data deltaelectronicsdiaenergiecve-2022-26013.nbin...
Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi
The plugin does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks. As an unauthenticated user, fill in the reservation form on a page where the reservation form is embedded, intercept the...
CVE-2022-36201
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...
CVE-2022-36201
CVE-2022-36201 affects Doctor’s Appointment System v1.0. A blind SQL injection vulnerability exists in settings.php and is also exploitable via the id parameter in booking.php, enabling attackers to potentially access or modify data. The issue is documented with a high severity (CVSS v3.1: 9.8, c...
Delta Electronics DIAEnergie Blind SQLi (CVE-2021-38391)
Binary data deltaelectronicsdiaenergiecve-2021-38391.nbin...
OpenCart v3.x Newsletter Module - Blind SQL injection Vulnerability
Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=32750&filtermember=Zemez Version: v.3.0.2.0 Tested on: XAMPP, Linux...
OpenCart v3.x Newsletter Module - Blind SQLi
Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi Date: 19/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=32750&filtermember=Zemez Version: v.3.0.2.0 Tested on...
CSZ CMS 1.3.0 SQL Injection
Exploit Title: CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Date: 2021-04-22 Exploit Author: Dogukan Dincer Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Version: 1.3.0 Tested on: Kali Linux, Windows 10, PHP 7.2.4...
WebTareas 2.4 SQL Injection
Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...
WebTareas 2.4 - Blind SQLi (Authenticated)
Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...
CSZ CMS 1.3.0 - 'Multiple' Blind SQLi
Exploit Title: CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Date: 2021-04-22 Exploit Author: Dogukan Dincer Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Version: 1.3.0 Tested on: Kali Linux, Windows 10, PHP 7.2.4...
Fingerprint Attendance 1.0 SQL Injection Vulnerability
Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Steps 1...
Pay Slip PDF Generator System 1.0 SQL Injection Vulnerability
Pay Slip PDF Generator System version suffers from multiple remote SQL injection vulnerabilities that can lead to remote code execution. Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Vendor:...