4695 matches found
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zudel...
Sql injection
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CVE-2022-29688
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...
CVE-2022-29687
CVE-2022-29687 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/level_del, enabling potential unauthorized SQL execution. Per the CVE, impact includes partial confidentiality, integrity, and availability (CVSS 3.1: HIGH impact). No explic...
CVE-2022-29687
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/leveldel...
CVE-2022-29686
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan...
CVE-2022-29685
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/levelsort...
CVE-2022-29685
CVE-2022-29685 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection in the id parameter of /admin.php/User/level_sort, caused by lack of input validation. This can lead to unauthorized SQL execution and exposure of database data (confidentiality, integrity, and avail...
CVE-2022-29684
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...
CVE-2022-29682
CVE-2022-29682 affects CSCMS Music Portal System v4.2. The vulnerability is a blind SQL injection reachable via the id parameter in the administrative endpoint: /admin.php/vod/admin/topic/del. Public advisories describe the issue as an SQL injection that allows potentially unauthorized SQL statem...
CVE-2022-29680
CVE-2022-29680 affects CSCMS Music Portal System v4.2. A blind SQL injection exists in the id parameter of /admin.php/user/zu_del due to lack of input validation, enabling potential unauthorized access to database data. CVSS metrics present: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD 3.1) and CVSS2...
CVE-2022-29681
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del...
CVE-2022-29661
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CVE-2022-29661
CVE-2022-29661 affects CSCMS Music Portal System v4.2. It has a blind SQL injection in the id parameter of /admin.php/pic/admin/type/save due to lack of input validation, enabling an attacker to execute SQL statements and potentially exfiltrate data. Root cause: unsanitized id parameter. Impact a...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
CVE-2021-35487
Summary : CVE-2021-35487 affects Nokia Broadcast Message Center up to version 11.1.0. An authenticated user can perform a Boolean Blind SQL Injection on the /owui/block/send-receive-updates endpoint via the extIdentifier HTTP POST parameter, enabling retrieval of the database user, database name,...
SQL injection in helloxz/imgurl
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
GHSA-RRJV-34P5-4C7R SQL injection in helloxz/imgurl
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
CVE-2022-29305
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
CVE-2022-29305
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...