Sql injection

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...

CVE-2022-29305

CVE-2022-29305 concerns imgurl v2.31, which has a Blind SQL injection vulnerability located at /upload/localhost. Multiple connected sources describe the issue as an SQL injection stemming from unsanitized input in the upload handling (e.g., Veracode notes exploitation via the query parameter in ...

CVE-2022-29305

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...

CVE-2022-26632

Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/viewproduct.php...

CVE-2022-28105

Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/viewfacility.php...

Online Discussion Forum Site 1.0 SQL Injection

Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection Date: 15/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html Version: 1.0...

Blind SQL Injection with privileged Cloud Foundry UAA endpoints

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release uaa-release 13.x versions prior to v13.13,...

GHSA-CW9C-V3V2-99HM Blind SQL Injection with privileged Cloud Foundry UAA endpoints

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release uaa-release 13.x versions prior to v13.13,...

CSZ CMS 1.3.0 - (Multiple) Blind SQL injection Vulnerability

Exploit Title: CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Exploit Author: Dogukan Dincer Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Version: 1.3.0 Tested on: Kali Linux, Windows 10, PHP 7.2.4, Apache 2.4...

CVE-2022-1013

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...

ChatBot Application With A Suggestion Feature 1.0 SQL Injection

Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection Date: 05/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html...

CVE-2022-1374

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEunHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1377

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAErltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1375

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEslogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1367

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1377

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAErltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1378

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEpgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1377

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAErltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1377

CVE-2022-1377 corresponds to a blind SQL injection in Delta Electronics DIAEnergie (affecting DIAE_rltHandler.ashx and other SQL injection surfaces within the app). Technical details across connected documents describe multiple SQLi vectors in various handlers (e.g., GetDemandAnalysisData, DIAE_r...

CVE-2022-1376

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEprivgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...