EUVD-2017-19004

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

EUVD-2026-36366

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title English, Spanish.... The POST /actions/subtitleedit.php request used to change their title...

EUVD-2019-20132

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

CVE-2019-25699 Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

CVE-2019-25699

Newsbull Haber Script 1.0.0 is affected by multiple SQL injection vulnerabilities in the search parameter, enabling authenticated attackers to extract database information via time-based, blind, and boolean-based techniques. The issues can be triggered through the search parameter in endpoints su...

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

EUVD-2019-19403

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information...

Exploit for CVE-2023-49440

CVE-2023-49440-POC Exploit Title: AhnLab EPP Management...

DEBIAN-CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

UBUNTU-CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

Mapserver SQL注入漏洞

Mapserver is the Open Source Geospatial Osgeo Foundation's suite of open source platforms for publishing spatial data and interactive map applications to the Web. A SQL injection vulnerability exists in Mapserver versions prior to 8.4.1, which stems from a Boolean SQL injection in the XML Filter...

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

PT-2025-34881 · Unknown · Diskover-Web

Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The application is susceptible to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Improper input validation and parameterization in JSON-based query constructio...

CVE-2025-50341

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation...

PT-2024-27927 · R Hub · R-Hub Turbomeeting

Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions through 8.x Description: A boolean-based SQL injection issue in the Virtual Meeting Password VMP endpoint allows unauthenticated remote attackers to extract hashed passwords from the database and authenticate to th...

MyBatis-Plus 安全漏洞

MyBatis-Plus is an open source toolkit from Baomidou. A security vulnerability exists in MyBatis-Plus versions prior to 3.5.6, which stems from the presence of a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain database information via Boolean blind injection...

CVE-2019-1010034

Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" defined at databasecode.php line 1018 is vulnerable to a boolean-based blind sql injection. This function call can be triggered by...