CVE-2022-1374

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEunHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1374

Delta Electronics DIAEnergie is affected by a blind SQL injection in GetDemandAnalysisData and various handlers (e.g., DIAE_unHandler.ashx) across all versions prior to 1.8.02.004. The vulnerability allows an attacker to inject arbitrary SQL, retrieve/modify database contents, and execute system ...

CVE-2022-1367

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-1366

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

CVE-2022-26631

CVE-2022-26631 affects the Automatic Question Paper Generator v1.0. The vulnerability is a time-based blind SQL injection exploitable through the id parameter in GET requests, enabling an attacker to infer data from the database. The issue is documented across multiple sources (NVD entry and seve...

CVE-2022-27366

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component danceDance.phphy...

CVE-2022-1258

A blind SQL injection vulnerability in the ePolicy Orchestrator ePO extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server...

CVE-2022-1258

A blind SQL injection vulnerability in the ePolicy Orchestrator ePO extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server...

CSZ CMS 1.2.9 - Multiple Blind SQL injection (Authenticated) Vulnerability

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLiAuthenticated Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP 7.4.16, Apache...

CSZ CMS 1.2.9 SQL Injection

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQL Injection Authenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali...

CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLiAuthenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP...

CVE-2022-26666

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-27175

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26887

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-0923

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerDialogKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26349

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEeccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-0923

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerDialogKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26666

Delta Electronics DIAEnergie (all versions before 1.9) contains a blind SQL injection in HandlerECC.ashx that lets an attacker inject arbitrary SQL, retrieve/modify data, and potentially execute system commands. The CVSS v3.1 base score is 9.8 (CRITICAL), with network access, no authentication, a...

CVE-2021-43701

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/articledb, via the fieldS and orderby parameters...