4695 matches found
CVE-2020-23630
CVE-2020-23630 affects ZZCMS ver201910, with a blind SQL injection vulnerability based on time (cookie injection). Multiple sources confirm a SQL injection flaw in ZZCMS 201910 (lack of input validation for SQL statements) that could allow an attacker to execute arbitrary SQL commands. Documented...
MTN Group: Blind SQL Injection
hello dear support I have found Blind SQL Injection on https://futexpert.mtngbissau.com/signin/ parameters injectable phonenumber=0&pin=1&submit=Continuar via post URL:https://futexpert.mtngbissau.com/signin/ Post: email=0 my payload :...
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
Exploit Title: PrestaShop ProductComments 4.2.0 - 'idproducts' Time Based Blind SQL Injection Date: 2020-12-15 Exploit Author: Frederic ADAM Author contact: [email protected] Vendor Homepage: https://www.prestashop.com Software Link: https://github.com/PrestaShop/productcomments Version: 4.2.0...
CVE-2020-28860
OpenAssetDigital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection...
Prestashop SQL Injection Vulnerability (CNVD-2020-70969)
Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides a variety of payment methods , short message alerts and product image scaling and other features . A SQL injection vulnerability exists in PrestaShop productcomments module versions...
Phpscript SGH 0.1.0 SQL Injection
Exploit Title: Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection Date: 2020-12-04 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/geraked/phpscript-sgh Software Link: https://github.com/geraked/phpscript-sgh Version: 0.1.0 Tested on: Kali Linux...
CVE-2020-26248
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...
CVE-2020-26248
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...
CVE-2020-26248 Blind SQL injection during the CommentGrade process
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...
CVE-2020-26248
CVE-2020-26248 affects the PrestaShop ProductComments module prior to version 4.2.1. The vulnerability is a blind SQL injection in the module, allowing an attacker to retrieve data or stop the MySQL service within the context of the affected site. The issue is fixed in 4.2.1 of the module. Public...
SmartBlog 2.0.1 Blind SQL Injection
Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...
SmartBlog 2.0.1 - 'id_post' Blind SQL injection
Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...
CVE-2020-15792
CVE-2020-15792 affects Siemens Desigo Insight (All versions). The issue is an improper input validation on certain query parameters in a reserved area, enabling an authenticated attacker to retrieve data via a content-based blind SQL injection attack (SQL Injection). CVSS v3 base score 4.3 (vecto...
CVE-2020-24568
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information...
CVE-2020-24568
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information...
Sql injection
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information...
CVE-2020-24568
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information...
CVE-2020-15849
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for...
CVE-2020-24569
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...
NoSQL injection in express-cart
Versions of express-cart before 1.1.8 are vulnerable to NoSQL injection. The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query which...