
28 matches found

CNNVD
added 2026/01/07 12:0 a.m., 3 views

Tarkov Data Manager SQL injection vulnerability

Tarkov Data Manager is an open source database management tool from The Hideout. A SQL injection vulnerability exists in versions of Tarkov Data Manager prior to 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, which stems from the presence of blind time-based SQL injection in the webhook editor and...

8.8 CVSS, 7.9 AI score, 0.00051 EPSS
Exploits: 1, References: 2

CNNVD
added 2025/12/02 12:0 a.m., 6 views

WordPress plugin VikRentCar Car Rental Management System SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based servers. A SQL injectio...

7.5 CVSS, 7.4 AI score, 0.00042 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-34358

Malicious code in bioql PyPI...

7.5 CVSS, 8.7 AI score, 0.0072 EPSS
Exploits: 0, References: 2

CVE
added 2025/10/02 8:13 p.m., 3 views

CVE-2025-61605

WeGIA contains an SQL Injection in version 3.4.12 and earlier, exploitable via the id_pet parameter in /pet/profile_pet.php. The root cause is improper handling of that parameter, allowing arbitrary SQL commands and compromising database confidentiality, integrity, and availability. A fix is avai...

9.8 CVSS, 7.8 AI score, 0.00049 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2025/10/02 8:13 p.m., 3 views

CVE-2025-61605 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in /pet/profile_pet.php Endpoint

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to execute arbitrary SQL...

9.4 CVSS, 7.8 AI score, 0.00049 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2025/09/08 10:35 p.m., 4 views

CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...

9.3 CVSS, 7.6 AI score, 0.00077 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/09/08 10:28 p.m., 11 views

CVE-2025-58453 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'exibe_anexo.php' parameter 'id_anexo'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibe_anexo.php, in the id_anexo parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL queries,...

9.3 CVSS, 7.6 AI score, 0.00077 EPSS
Exploits: 1, References: 1

HackerOne
added 2025/08/10 6:28 p.m., 3 views

Mars: SQLi At `███████` via `theme_name`

A SQL injection vulnerability was discovered in a web application's theme selection endpoint through the "theme_name" parameter. Using SQLMap, the vulnerability was demonstrated to be exploitable through both error-based and time-based blind injection attacks against a MySQL database version 5.1 o...

5.8 AI score
Exploits: 0

Packet Storm
added 2025/05/29 12:0 a.m., 77 views

Campcodes Online Hospital Management System 1.0 SQL Injection

Campcodes Online Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Campcodes Online Hospital Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: Carine Constantino Vendor Homepage: https://www.campcodes.com Software Link:...

9.8 CVSS, 8.5 AI score, 0.00209 EPSS
Exploits: 3

Vulnrichment
added 2025/03/27 4:27 p.m., 8 views

CVE-2025-30364 WeGIA vulnerable to SQL Injection (Blind Time-Based) in remuneracao.php parameter id_funcionario

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can...

10 CVSS, 7.4 AI score, 0.00332 EPSS
Exploits: 1, References: 1

Vulnrichment
added 2025/01/08 6:27 p.m., 8 views

CVE-2025-22141 WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo'

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity...

9.4 CVSS, 8 AI score, 0.00494 EPSS
Exploits: 1, References: 1

CNNVD
added 2025/01/08 12:0 a.m., 2 views

WordPress plugin Cost Calculator Builder PRO SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

7.5 CVSS, 8.5 AI score, 0.01102 EPSS
Exploits: 0, References: 3

Packet Storm
added 2024/07/01 12:0 a.m., 258 views

Simple Laboratory Management System 1.0 SQL Injection

Exploit Title: Simple Laboratory Management System - Manual Blind Time Based SQL Injection Exploit Description: A SQL Injection vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary SQL commands on the database server which causes the services to delay ...

7.4 AI score
Exploits: 0

OSV
added 2023/12/26 7:15 p.m., 2 views

CVE-2023-5203

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

Prion
added 2023/12/26 7:15 p.m., 14 views

SQL injection

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in...

5 CVSS, 8 AI score, 0.42933 EPSS
Exploits: 2, References: 1, Affected Software: 1

Prion
added 2022/09/16 2:15 a.m., 12 views

SQL injection

There are two full read/write Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp pag...

7.5 CVSS, 9.9 AI score, 0.00245 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2022/02/24 12:0 a.m., 5 views

Anuko Time Tracker SQL injection vulnerability

Anuko Time Tracker is an open source time counting system for individual developers. A platform for counting the time spent by employees on various tasks. An SQL injection vulnerability exists in versions prior to Anuko Time Tracker 1.20.0.5646. The vulnerability stems from the fact that the Punch...

8.8 CVSS, 8.2 AI score, 0.02438 EPSS
Exploits: 5, References: 8

OSV
added 2022/01/28 3:15 p.m., 2 views

CVE-2021-44249

Online Motorcycle Bike Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials...

9.8 CVSS, 5.9 AI score, 0.00477 EPSS
Exploits: 1, References: 2

Packet Storm
added 2021/10/19 12:0 a.m., 418 views

Online Motorcycle (Bike) Rental System 1.0 SQL Injection

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...

7.4 AI score
Exploits: 0

Prion
added 2020/07/09 3:15 p.m., 9 views

SQL injection

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket...

5 CVSS, 7.9 AI score, 0.00566 EPSS
Exploits: 1, References: 1, Affected Software: 1