Lucene search
K

70 matches found

NVD
NVD
added 2026/02/20 11:15 p.m.11 views

CVE-2019-25431

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...

8.8CVSS0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/18 1:28 p.m.7 views

CVE-2026-2247

SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...

8.3CVSS5.9AI score0.00248EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.180 views

📄 RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit

This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications specifically RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...

6.8AI score
Exploits0
NVD
NVD
added 2026/02/17 12:16 p.m.9 views

CVE-2026-2247

SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...

8.3CVSS0.00248EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-8402

SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...

8.3CVSS5.9AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/02/12 8:16 p.m.4 views

CVE-2019-25348

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00026EPSS
Exploits0
OSV
OSV
added 2026/02/10 5:32 p.m.7 views

CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

8.8CVSS5.7AI score0.00354EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:41 p.m.4 views

CVE-2019-25299

RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/06 4:41 p.m.14 views

CVE-2019-25299

CVE-2019-25299 concerns RimbaLinux AhadPOS 1.11, where a SQL injection vulnerability exists in the alamatCustomer parameter. The underlying issue allows attackers to manipulate database queries via crafted POST requests, using time-based and boolean-based blind SQL injection techniques to extract...

7.1CVSS5.7AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.6 views

PT-2026-3042

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

7.1CVSS7.8AI score0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 11:2 p.m.12 views

CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

5.5CVSS0.03278EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-27276

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.01558EPSS
Exploits4References2
Cvelist
Cvelist
added 2025/09/04 2:12 p.m.16 views

CVE-2025-8311

dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys. The vulnerability was triggered via the sites parameter, whi...

9.4CVSS0.01558EPSS
Exploits4References1
NVD
NVD
added 2025/08/27 6:15 p.m.6 views

CVE-2025-50979

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint /api/v3/search/categories. The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads...

8.6CVSS0.08115EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/27 12:0 a.m.10 views

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

0.00308EPSS
Exploits1References1
CVE
CVE
added 2025/08/27 12:0 a.m.27 views

CVE-2025-50984

Diskover-web v2.3.0 Community Edition is affected by multiple boolean-based blind SQL injection flaws in the Elasticsearch configuration form. Untrusted input in POST fields (e.g., ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE) can inject...

5.3CVSS7.1AI score0.00308EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 p.m.7 views

CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

6.5CVSS7.8AI score0.00959EPSS
Exploits1References1
NVD
NVD
added 2024/05/28 9:16 p.m.10 views

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

5.4CVSS7.4AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2024/05/28 9:16 p.m.5 views

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

5.4CVSS5.9AI score0.00374EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/28 8:25 p.m.14 views

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

7.4AI score0.00374EPSS
Exploits0References2
Rows per page
Query Builder