
4695 matches found

Positive Technologies
added 2023/08/09 12:0 a.m. · 6 views

PT-2023-19053 · Nozomi Networks · Nozomi Networks Cmc +1

Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: A blind SQL Injection vulnerability, due to improper input validation in the alerts count component, allows an authenticated attacker to execute arbitrary SQL...

8.8 CVSS · 8.3 AI score · 0.00504 EPSS
Exploits: 0 · References: 7
OSV
added 2023/07/31 7:15 p.m. · 3 views

CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection to perform blind SQL injection...

8.8 CVSS · 5.9 AI score · 0.15135 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/07/31 12:0 a.m. · 26 views

CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection to perform blind SQL injection...

9.2 AI score · 0.15135 EPSS
Exploits: 1 · References: 1
Hacker One
added 2023/07/24 6:51 a.m. · 42 views

U.S. Dept Of Defense: Blind Sql Injection in https://█████/qsSearch.aspx

A blind SQL injection vulnerability was discovered in the qsSearch.aspx page of the application. An attacker could exploit this vulnerability to bypass authentication and retrieve sensitive information from the database. The vulnerability has been mitigated by implementing appropriate security...

7.9 AI score
Exploits: 0
0day.today
added 2023/07/19 12:0 a.m. · 298 views

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Reference Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...

9.8 CVSS · 9.7 AI score · 0.49858 EPSS
Exploits: 6
Exploit DB
added 2023/07/19 12:0 a.m. · 246 views

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Date: 16 July 2023 Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Reference Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024...

9.8 CVSS · 9.7 AI score · 0.49858 EPSS
Exploits: 6
Packet Storm
added 2023/07/11 12:0 a.m. · 249 views

Qatanna POS Software 1.0 Blind SQL Injection

Exploit Title: Qatanna POS Software 1.0 - Blind SQL Injection Exploit Date: May 07, 2023. CVSS 3.1: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Application Name: Qatanna POS Software Application Version: 1.0 Link: https://www.codester.com/items/42053/qatanna-pos-software...

7.1 AI score
Exploits: 0
NVD
added 2023/07/10 4:15 p.m. · 25 views

CVE-2023-3077

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

9.8 CVSS · 9.9 AI score · 0.05304 EPSS
Exploits: 2 · References: 1
Prion
added 2023/07/10 4:15 p.m. · 20 views

Sql injection

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, an...

7.5 CVSS · 9.7 AI score · 0.05304 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2023/07/10 12:40 p.m. · 2524 views

CVE-2023-3077

CVE-2023-3077 affects the MStore API WordPress plugin prior to version 3.9.8. The vulnerability is a Blind SQL injection in which the product_id parameter is not sanitized/escaped before being used in a SQL statement, and it is exploitable by unauthenticated users. Public details indicate exploit...

9.8 CVSS · 9.8 AI score · 0.05304 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
OSV
added 2023/06/24 3:15 a.m. · 1 views

CVE-2023-3197

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8 CVSS · 7.3 AI score · 0.03902 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2023/06/24 2:0 a.m. · 7 views

CVE-2023-3197 MStore API <= 4.0.1 - Unauthenticated SQL Injection

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8 CVSS · 7.2 AI score · 0.03902 EPSS
Exploits: 0 · References: 2
CVE
added 2023/06/15 10:18 p.m. · 49 views

CVE-2023-2080

CVE-2023-2080 covers an SQL injection issue in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway and Email Security Cloud. The root cause cited is improper neutralization of special elements used in an SQL command, leading to Blind SQL Injection. Documents indicate affe...

9.8 CVSS · 9.7 AI score · 0.00511 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
Vulnrichment
added 2023/06/15 10:18 p.m. · 9 views

CVE-2023-2080

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Forcepoint Cloud Security Gateway CSG Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection...

8.5 CVSS · 7.6 AI score · 0.00511 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/06/15 12:0 a.m. · 5 views

PT-2023-17639 · Forcepoint · Forcepoint Cloud Security Gateway (Csg) Portal

Name of the Vulnerable Software and Affected Versions: Forcepoint Cloud Security Gateway CSG Portal affected versions not specified Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows...

9.8 CVSS · 9.5 AI score · 0.00511 EPSS
Exploits: 0 · References: 3
Hacker One
added 2023/06/10 9:32 a.m. · 56 views

U.S. Dept Of Defense: Blind Sql Injection https:/████████

A blind SQL injection vulnerability was discovered on a website, allowing an attacker to execute arbitrary SQL commands...

8.6 AI score
Exploits: 0
GithubExploit
added 2023/06/08 9:20 p.m. · 368 views

Exploit for SQL Injection in Icegram Email_Subscribers_&_Newsletters

CVE-2022-0439 CVE-2022-0439 - Email Subscribers & Newslett...

8.8 CVSS · 9 AI score · 0.04184 EPSS
Exploits: 3
OSV
added 2023/05/25 8:15 p.m. · 4 views

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

9.8 CVSS · 7.3 AI score · 0.0062 EPSS
Exploits: 0 · References: 2
NVD
added 2023/05/25 8:15 p.m. · 11 views

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

9.8 CVSS · 9.8 AI score · 0.00602 EPSS
Exploits: 0 · References: 1
NVD
added 2023/05/25 8:15 p.m. · 12 views

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

9.8 CVSS · 9.8 AI score · 0.0062 EPSS
Exploits: 0 · References: 2