CVE-2020-23630

A blind SQL injection vulnerability exists in zzcms ver201910 based on time cookie injection...

CVE-2020-21725

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter...

CVE-2017-1002015

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via selectMulGallery parameter...

CVE-2019-3577

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id0 parameter to the /product URI...

CVE-2018-1000890

FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application...

CVE-2019-10852

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers=startpulling= substring...

CVE-2018-20770

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection...

CVE-2017-1002014

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via galleryname parameter...

CVE-2017-11559

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack...

CVE-2017-1002018

Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter...

CVE-2017-11738

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack...

CVE-2025-26086

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...

RSI Queue Management System 安全漏洞

RSI Queue Management System is an intelligent queue management system for the retail, healthcare or service industry from RSI Queue. A security vulnerability exists in RSI Queue Management System version v3.0 that stems from improper handling of the TaskID parameter, which could lead to an...

CVE-2025-43833

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection.This issue affects Absolute Links: from n/a through = 1.1.1...

CVE-2025-43833

CVE-2025-43833 affects WordPress Absolute Links plugin (≤ 1.1.1). Affected component is user-supplied input resulting in Improper Neutralization of SQL commands, enabling Blind SQL Injection. Exploitation status is not confirmed in the provided documents; CVSS v3.1 base score is 7.6 (HIGH) with n...

CVE-2025-48280

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection.This issue affects AutomatorWP: from n/a through = 5.2.1.3...

CVE-2025-48280

CVE-2025-48280 (AutomatorWP) — SQL Injection in AutomatorWP prior to 5.2.1.3 due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected: AutomatorWP up to 5.2.1.3. Mitigation: upgrade to a version later than 5.2.1.3 (patches/updates referenced in Pa...

CVE-2025-48280 WordPress AutomatorWP <= 5.2.1.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3...

WordPress plugin Absolute Links SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

📄 RSI Queue Management System 3.0 SQL Injection

An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System version 3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative...