4695 matches found

Vulnrichment
added 2023/10/17 8:2 p.m. · 9 views

CVE-2023-43794 SQL Injection in nocodb

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

CVSS 6.5 · AI score 6.6 · EPSS 0.00791
Exploits: 1 · References: 1

0day.today
added 2023/10/16 12:0 a.m. · 496 views

ChurchCRM 4.5.4 SQL Injection Exploit

Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...

CVSS 8.8 · AI score 7.1 · EPSS 0.01318
Exploits: 3

Packet Storm
added 2023/10/16 12:0 a.m. · 353 views

ChurchCRM 4.5.4 SQL Injection

Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...

CVSS 8.8 · AI score 7.1 · EPSS 0.01318
Exploits: 3

Kitploit
added 2023/10/15 12:31 a.m. · 28 views

HBSQLI - Automated Tool For Testing Header Based Blind SQL Injection

HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind SQL injection vulnerabilities, making it easier for security researchers, penetration testers & bug bounty hunters to tes...

AI score 8.2
Exploits: 0 · References: 1

NVD
added 2023/10/13 1:15 p.m. · 17 views

CVE-2023-45162

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1...

CVSS 9.9 · AI score 9.8 · EPSS 0.00642
Exploits: 0 · References: 2

Prion
added 2023/10/13 1:15 p.m. · 20 views

SQL injection

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1...

CVSS 7.5 · AI score 9.8 · EPSS 0.00642
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/10/13 12:48 p.m. · 20 views

CVE-2023-45162 Blind SQL vulnerability in 1E platform

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1...

CVSS 9.9 · AI score 8.3 · EPSS 0.00642
Exploits: 0 · References: 1

Cvelist
added 2023/10/13 12:48 p.m. · 22 views

CVE-2023-45162 Blind SQL vulnerability in 1E platform

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1...

CVSS 9.9 · AI score 10 · EPSS 0.00642
Exploits: 0 · References: 1

CVE
added 2023/10/13 12:48 p.m. · 77 views

CVE-2023-45162

CVE-2023-45162 affects 1E Platform versions 8.1.2–9.0.1 (SaaS on 23.7.1+ auto-patches). The vulnerability is a Blind SQL Injection that can lead to arbitrary code execution. Root cause is the inability to properly neutralize SQL constructs in affected paths, per multiple sources. Impact is rated ...

CVSS 9.9 · AI score 9.9 · EPSS 0.00642
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/10/13 6:15 a.m. · 33 views

CVE-2023-38221 Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to arbitrary code execution by an admin-privileg...

CVSS 8 · AI score 8.3 · EPSS 0.00829
Exploits: 0 · References: 1

Prion
added 2023/10/04 12:15 p.m. · 17 views

SQL injection

Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter...

CVSS 1.7 · AI score 5.7 · EPSS 0.00338
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/10/04 11:5 a.m. · 36 views

CVE-2023-4037

CVE-2023-4037 affects Setelsa Security ConacWin CB 3.7.1.2. A blind SQL injection in the Conacwin web interface allows a local attacker to obtain sensitive data by sending a specially crafted SQL query to the xml parameter. The vulnerability targets the web interface component, with impact to con...

CVSS 9.9 · AI score 6.8 · EPSS 0.00338
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/09/28 8:40 p.m. · 8 views

CVE-2023-5004 Hospital-management-system-in-php 378c157 - Blind SQL Injection

Hospital management system version 378c157 allows authentication to be bypassed. This is possible because the application is vulnerable to SQLI...

CVSS 9.8 · AI score 6.9 · EPSS 0.00901
Exploits: 1 · References: 2

Exploit DB
added 2023/08/21 12:0 a.m. · 347 views

Color Prediction Game v1.0 - SQL Injection

Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

AI score 7.4
Exploits: 0

NVD
added 2023/08/11 12:15 p.m. · 11 views

CVE-2023-3864

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal...

CVSS 7.2 · AI score 7.4 · EPSS 0.00461
Exploits: 0 · References: 1

Prion
added 2023/08/11 12:15 p.m. · 12 views

SQL injection

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal...

CVSS 5.8 · AI score 7.4 · EPSS 0.00461
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/08/09 8:1 a.m. · 60 views

CVE-2023-22378

Nozomi Networks Guardian and CMC (Nozomi Guardian/CMC) are affected by CVE-2023-22378, a blind SQL Injection vulnerability caused by improper input validation in the sorting parameter. The issue allows an authenticated attacker to execute arbitrary SQL on the target DBMS, with potential to exfilt...

CVSS 8.8 · AI score 7.9 · EPSS 0.00508
Exploits: 0 · References: 1 · Affected Software: 2

Vulnrichment
added 2023/08/09 8:1 a.m. · 15 views

CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...

CVSS 8.8 · AI score 7.5 · EPSS 0.00508
Exploits: 0 · References: 1

Positive Technologies
added 2023/08/09 12:0 a.m. · 5 views

PT-2023-5524 · Nozomi Networks · Nozomi Networks Cmc +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: A blind SQL Injection issue exists due to improper input validation in the sorting parameter, allowing an authenticated attacker to execute arbitrary SQL statements...

CVSS 8.8 · AI score 8.3 · EPSS 0.00508
Exploits: 0 · References: 7

Positive Technologies
added 2023/08/09 12:0 a.m. · 6 views

PT-2023-19053 · Nozomi Networks · Nozomi Networks Cmc +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: A blind SQL Injection vulnerability, due to improper input validation in the alerts count component, allows an authenticated attacker to execute arbitrary SQL...

CVSS 8.8 · AI score 8.3 · EPSS 0.00504
Exploits: 0 · References: 7