Opencart 3 Extension TMD Vendor System SQL Injection

Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...

CVE-2020-21726

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter...

CVE-2020-21725

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

CVE-2020-21725

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

Sql injection

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter...

Sql injection

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

CVE-2020-21726

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter...

Sql injection

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in processupdateprofile.php...

CVE-2021-41651

CVE-2021-41651 describes a blind SQL injection in the Raymart DG / Ahmed Helal Hotel-mgmt-system. The vulnerability resides in the vulnerable parameter cid of process_update_profile.php , allowing an attacker to retrieve sensitive database information via unauthenticated, time-based blind techniq...

Library Management System 1.0 SQL Injection

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Date: 16/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...

Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Date: 16/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...

CVE-2021-38706

messagesload.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter...

Sql injection

messagesload.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter...

CVE-2021-38393

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query....

CVE-2021-32983

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A...

CVE-2021-38390

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...

Sql injection

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...

Sql injection

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...

CVE-2021-38390

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...

CVE-2021-38390

CVE-2021-38390 affects Delta Electronics DIAEnergie (endpoint /DataHandler/HandlerEnergyType.ashx). The flaw is an improper validation of the egyid parameter, enabling Blind SQL Injection that can lead to arbitrary code execution in the MSSQLSERVER context. Public advisories note the vulnerabilit...