28 matches found
CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
Linux Distros Unpatched Vulnerability : CVE-2024-51482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37. = 1.37.64 is vulnerable to boolean-based SQL Injection in...
📄 Invision Community 4.7.20 SQL Injection
Invision Community versions 4.7.20 and below have a vulnerability located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search method: user input passed through the location request parameter is not properl...
Trol InterMedia 2ClickPortal SQL注入漏洞
Trol InterMedia 2ClickPortal is a web portal from Trol InterMedia, Inc. Trol InterMedia 2ClickPortal suffers from a SQL injection vulnerability that stems from improper neutralization of the changesreferenceid parameter input, which could lead to a blind Boolean-based SQL injection attack...
ZoneMinder SQL注入漏洞
ZoneMinder is an open source video surveillance software system from ZoneMinder Open Source. The system supports IP, USB, and analog cameras, among others. A SQL injection vulnerability exists in ZoneMinder 1.37.64 and previous versions 1.37.X. The vulnerability stems from web/ajax/event.php bein...
Anuko TimeTracker SQL注入漏洞
Anuko TimeTracker is an Anuko open source application . Provides a Web-based open source time tracking application written in PHP. A SQL injection vulnerability exists in versions prior to Anuko TimeTracker 1.22.11.5781, which stems from a Boolean-based SQL injection in Time Tracker invoices.php,...
Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws
An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...
Sql injection
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...