
4695 matches found

CVE
added 2023/12/22 4:44 p.m. · 69 views

CVE-2023-51448

CVE-2023-51448 affects Cacti 1.2.25, where a Blind SQL Injection flaw exists in SNMP Notification Receivers within managers.php. An authenticated user with Settings/Utilities can craft a GET request to /cacti/managers.php carrying an SQLi payload in selected_graphs_array, enabling potentially una...

CVSS 8.8 · AI score 8.7 · EPSS 0.09022
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2023/12/07 7:15 a.m. · 28 views

CVE-2023-48823

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...

CVSS 9.8 · EPSS 0.01092
Exploits: 3 · References: 1
Prion
added 2023/12/07 7:15 a.m. · 15 views

Sql injection

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...

CVSS 7.5 · AI score 8.2 · EPSS 0.01092
Exploits: 3 · References: 1 · Affected Software: 1
CVE
added 2023/12/07 12:0 a.m. · 48 views

CVE-2023-48823

GaatiTrack Courier Management System v1.0 is affected by a Blind SQL injection in ajax.php during login, exploitable via the email parameter by an unauthenticated attacker. The issue arises from improper handling of the email input in the login flow, enabling arbitrary SQL execution and potential...

CVSS 9.8 · AI score 9.7 · EPSS 0.01092
Exploits: 3 · References: 1 · Affected Software: 1
Cvelist
added 2023/12/07 12:0 a.m. · 29 views

CVE-2023-48823

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...

AI score 10 · EPSS 0.01092
Exploits: 3 · References: 1
0day.today
added 2023/12/04 12:0 a.m. · 373 views

GaatiTrack Courier Management System 1.0 SQL Injection Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php Version: v1.0 Teste...

CVSS 9.8 · AI score 7.4 · EPSS 0.01092
Exploits: 3
Hacker One
added 2023/11/28 5:25 p.m. · 21 views

Mars: Blind SQL Injection on █████ via URI Path

The vulnerability involved a time-based SQL injection attack on the target system via the URI path. The attack capitalized on vulnerabilities in the application's interactions with the database, allowing the attacker to extract information by purposefully delaying database processing and observin...

AI score 8
Exploits: 0
OSV
added 2023/11/07 3:15 p.m. · 7 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1
Prion
added 2023/11/07 8:15 a.m. · 8 views

Sql injection

Blind SQL injection in apiid parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

CVSS 7.5 · AI score 8.1 · EPSS 0.01257
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2023/11/07 12:0 a.m. · 50 views

CVE-2023-42283

The CVE-2023-42283 issue affects Tyk Gateway 5.0.3, where a blind SQL injection in the api_id parameter enables an attacker to access and dump the database. The root cause is the lack of input handling for the api_id parameter in the affected endpoint, as described in multiple sources. A PoC/expl...

CVSS 9.8 · AI score 9.6 · EPSS 0.01257
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2023/11/07 12:0 a.m. · 21 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...

AI score 10 · EPSS 0.00738
Exploits: 1 · References: 1
CVE
added 2023/11/07 12:0 a.m. · 36 views

CVE-2023-42284

CVE-2023-42284 concerns Tyk Gateway 5.0.3. The vulnerability is a blind SQL injection in the API parameter api_version, enabling an attacker to access and dump the database via a crafted query. Reported impact is high (database exposure/compromise) with CVSS 3.1 base score 9.8 (CRITICAL) from NV...

CVSS 9.8 · AI score 9.6 · EPSS 0.01247
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2023/11/07 12:0 a.m. · 34 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection in the 'start' parameter of patients/index.php. The issue stems from improper handling of user input in that endpoint, enabling an attacker to infer data via time-based responses. Impact is described as high/confidentiality, integ...

CVSS 9.8 · AI score 9.7 · EPSS 0.00738
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/11/07 12:0 a.m. · 17 views

CVE-2023-42284

Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

AI score 7.8 · EPSS 0.01247
Exploits: 2 · References: 1
Prion
added 2023/10/26 5:15 p.m. · 17 views

Design/Logic Flaw

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection...

CVSS 5.8 · AI score 7.4 · EPSS 0.00484
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/10/26 4:36 p.m. · 22 views

CVE-2023-5624 Blind SQL Injection

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blind SQL injection...

CVSS 7.2 · AI score 7.9 · EPSS 0.00484
Exploits: 0 · References: 1
NVD
added 2023/10/25 6:17 p.m. · 33 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 7.2 · AI score 5.7 · EPSS 0.00336
Exploits: 0 · References: 1
Vulnrichment
added 2023/10/24 8:25 p.m. · 16 views

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 4.1 · AI score 7.8 · EPSS 0.00336
Exploits: 0 · References: 1
Positive Technologies
added 2023/10/24 12:0 a.m. · 4 views

PT-2023-29831 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Recommendations: For ThinkSystem versions v2 and v3, consider...

CVSS 7.2 · AI score 7.2 · EPSS 0.00336
Exploits: 0 · References: 4
WPVulnDB
added 2023/10/20 12:0 a.m. · 14 views

Horizontal scrolling announcement <= 9.2 - Authenticated (subscriber+) Blind SQL Injection

Description The plugin did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing low privilege users subscriber+ to perform Blind SQL Injection attack...

CVSS 8.8 · AI score 7.4 · EPSS 0.00725
Exploits: 1