4695 matches found
CVE-2023-33280
In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...
PT-2023-24263 · Prestashop · Store Commander Scfixmyprestashop Module
Name of the Vulnerable Software and Affected Versions: Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop Description: The issue allows sensitive SQL calls to be executed with a trivial HTTP request, which can be exploited to forge a blind SQL injection. Recommendations: F...
PrestaShop SQL注入漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop 3.6.1 and prior versions, which stems from a sensitive SQL cal...
CVE-2023-32306 Time Tracker has Blind SQL Injection Vulnerability in Reports
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not...
CVE-2023-29842
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection Time-based via the ENtyid POST parameter...
CVE-2023-29842
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection Time-based via the ENtyid POST parameter...
Sql injection
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection Time-based via the ENtyid POST parameter...
CVE-2023-29842
ChurchCRM 4.5.4 is vulnerable to a Blind SQL Injection (time-based) on the endpoint /EditEventTypes.php via the EN_tyid POST parameter. The root cause is unsanitized user input used in an SQL query, enabling potential data exposure or manipulation. An exploited PoC has been published publicly (Pa...
PT-2023-22441 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.4 Description: The issue concerns a Blind SQL Injection vulnerability, specifically time-based, affecting the /EditEventTypes.php endpoint through the EN tyid POST parameter. Recommendations: For ChurchCRM version 4.5.4,...
CVE-2023-29842
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection Time-based via the ENtyid POST parameter...
CVE-2023-0765
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...
Sql injection
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...
CVE-2023-0765 Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...
Snitz Forum 1.0 SQL Injection
Exploit Title: Snitz Forum v1.0 - Blind SQL Injection Date: 13/03/2023 Exploit Author: Emiliano Febbi Vendor Homepage: https://forum.snitz.com/ Software Link: https://sourceforge.net/projects/sf2k/files/ Version: ALL VERSION Tested on: Windows 10 code . . / ///I . / // 0day PoC...
NotrinosERP 0.7 - Authenticated Blind SQL Injection Exploit
Exploit Title: NotrinosERP 0.7 - Authenticated Blind SQL Injection Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md Software Link: https://github.com/notrinos/NotrinosERP/releases/tag/0.7 Vendor Homepage: https://notrinos.com/ Version: 0...
Snitz Forum v1.0 - Blind SQL Injection Vulnerability
Exploit Title: Snitz Forum v1.0 - Blind SQL Injection Exploit Author: Emiliano Febbi Vendor Homepage: https://forum.snitz.com/ Software Link: https://sourceforge.net/projects/sf2k/files/ Version: ALL VERSION Tested on: Windows 10 code . . / ///I . / // 0day PoC...
Snitz Forum v1.0 - Blind SQL Injection
Exploit Title: Snitz Forum v1.0 - Blind SQL Injection Date: 13/03/2023 Exploit Author: Emiliano Febbi Vendor Homepage: https://forum.snitz.com/ Software Link: https://sourceforge.net/projects/sf2k/files/ Version: ALL VERSION Tested on: Windows 10 code . . / ///I . / // 0day PoC...
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
Sql injection
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...