4662 matches found
CVE-2023-28883
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...
CVE-2023-23315
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method stripejsValidationModuleFrontController::initContent has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-0765
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2023-42283
Blind SQL injection in apiid parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...
CVE-2023-42284
Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...
CVE-2023-6921
Blind SQL Injection vulnerability in PrestaShow Google Integrator PrestaShop addon allows for data extraction and modification. This attack is possible via command insertion in one of the cookies...
CVE-2023-33280
In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...
CVE-2022-30493
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin accessprivilege escalation...
CVE-2022-36201
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...
CVE-2022-29688
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...
CVE-2022-29686
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan...
CVE-2022-29682
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del...
CVE-2022-29684
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/jsdel...
CVE-2022-29683
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/pagedel...
CVE-2022-29685
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/levelsort...
CVE-2022-29661
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save...
CVE-2022-29305
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
CVE-2022-28105
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/viewfacility.php...
CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability...