4662 matches found

RedhatCVE
added 2025/05/22 10:10 p.m. | 4 views

CVE-2022-24226

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php...

CVSS 7.5 | AI score 8.4 | EPSS 0.00547
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:34 p.m. | 6 views

CVE-2021-43969

The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...

CVSS 7.8 | AI score 8.1 | EPSS 0.00556
Exploits: 1

RedhatCVE
added 2025/05/22 9:34 p.m. | 11 views

CVE-2021-43789

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...

CVSS 9.8 | AI score 7.8 | EPSS 0.11673
Exploits: 2

RedhatCVE
added 2025/05/22 9:26 p.m. | 6 views

CVE-2021-38393

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query....

CVSS 10 | AI score 8.5 | EPSS 0.01647
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:18 p.m. | 5 views

CVE-2021-32983

A Blind SQL injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A...

CVSS 10 | AI score 8.5 | EPSS 0.02323
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:5 p.m. | 5 views

CVE-2021-24345

The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the idlista POST parameter before using it in a SQL statement, therefore leading to Blind SQL Injection...

CVSS 6.6 | AI score 7.2 | EPSS 0.00567
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:10 p.m. | 6 views

CVE-2021-3860

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVSS 8.8 | AI score 7.8 | EPSS 0.00247
Exploits: 3 | References: 1

RedhatCVE
added 2025/05/22 7:53 p.m. | 6 views

CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

CVSS 6.5 | AI score 7.8 | EPSS 0.00383
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:26 p.m. | 3 views

CVE-2021-25784

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article...

CVSS 7.2 | AI score 8.4 | EPSS 0.00274
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:21 p.m. | 10 views

CVE-2021-24360

The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks...

CVSS 6.5 | AI score 7.7 | EPSS 0.00498
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 6:53 p.m. | 4 views

CVE-2021-44915

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category...

CVSS 7.2 | AI score 8.3 | EPSS 0.00271
Exploits: 1

RedhatCVE
added 2025/05/22 6:26 p.m. | 5 views

CVE-2021-25783

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search...

CVSS 7.2 | AI score 8.4 | EPSS 0.00274
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:9 p.m. | 5 views

CVE-2021-38391

A Blind SQL injection vulnerability exists in the /DataHandler/AM/AMHandler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A...

CVSS 10 | AI score 8.5 | EPSS 0.01066
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:8 p.m. | 5 views

CVE-2020-20585

A blind SQL injection in /admin/?n=logs=index=dode of Metinfo 7.0 beta allows attackers to access sensitive database information...

CVSS 7.5 | AI score 7.8 | EPSS 0.00849
Exploits: 1

RedhatCVE
added 2025/05/22 4:34 p.m. | 8 views

CVE-2020-26248

In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module...

CVSS 8.2 | AI score 7.6 | EPSS 0.77367
Exploits: 3

RedhatCVE
added 2025/05/22 4:25 p.m. | 2 views

CVE-2020-15792

A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack...

CVSS 4.3 | AI score 7.6 | EPSS 0.00214
Exploits: 0

RedhatCVE
added 2025/05/22 4:10 p.m. | 4 views

CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...

CVSS 9.8 | AI score 8.1 | EPSS 0.92755
Exploits: 8 | References: 1

RedhatCVE
added 2025/05/22 4:5 p.m. | 5 views

CVE-2020-10218

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function...

CVSS 6.5 | AI score 8.2 | EPSS 0.00229
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:56 p.m. | 5 views

CVE-2020-14982

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...

CVSS 6.5 | AI score 7.9 | EPSS 0.00296
Exploits: 1

RedhatCVE
added 2025/05/22 3:21 p.m. | 4 views

CVE-2020-25362

The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...

CVSS 7.5 | AI score 8.1 | EPSS 0.01298
Exploits: 1