Lucene search
K

227 matches found

Packet Storm
Packet Storm
added 2021/06/10 12:0 a.m.394 views

Student Result Management System 1.0 SQL Injection

Exploit Title: Student Result Management System 1.0 - 'class' SQL Injection Date: 09.09.2020 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage : https://projectworlds.in Software Page: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/03 12:0 a.m.299 views

Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution

Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Date: 03/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.437 views

Fast PHP Chat 1.3 SQL Injection

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Date: 15/04/2021 Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows a...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/04/21 12:0 a.m.38 views

Fast PHP Chat 1.3 - (my_item_search) SQL Injection Vulnerability

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.397 views

School Registration And Fee System 1.0 SQL Injection

Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0 Tested O...

Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.321 views

Online Catering Reservation System 1.0 SQL Injection

Exploit Title: Online Catering Reservation System - SQL Injection Authenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Software Link:...

0.2AI score
Exploits0
Prion
Prion
added 2021/01/04 3:15 p.m.15 views

Sql injection

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...

7.5CVSS9.7AI score0.17166EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/01/04 3:15 p.m.4 views

CVE-2020-36112

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...

9.8CVSS5.8AI score0.17166EPSS
Exploits1References3
CVE
CVE
added 2021/01/04 2:46 p.m.74 views

CVE-2020-36112

CVE-2020-36112 affects CSE Bookstore 1.0. The vulnerability is an SQL injection (time-based blind, boolean-based blind, and OR-based) in the pubid parameter of bookPerPub.php and cart.php, allowing an attacker to dump the entire database. Affected software: CSE Bookstore 1.0. Root cause: improper...

9.8CVSS9.7AI score0.17166EPSS
In wildExploits1References1Affected Software1
wpexploit
wpexploit
added 2020/11/25 12:0 a.m.715 views

WP Google Map Plugin < 4.1.5 - Authenticated SQL Injection

The Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user admin+. Edit WPScanTeam: September 8th, 2020 - Confirmed & Escalated to WP plugins team September 8th, 2020 - WP plugins team investigating November 25th, 2020 - No updates,...

0.2AI score0.01416EPSS
Exploits2References1
Kitploit
Kitploit
added 2020/09/07 2:38 a.m.139 views

SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5AI score
Exploits0References9
Hacker One
Hacker One
added 2020/08/06 12:48 p.m.87 views

Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json

@zzzhacker13 identified a Solr Injection on the userid parameter at :/v2/leaderboardv2.json. Our team analyzed internally and found that only fq=injection was possible on the Solr endpoint, hence the Solr injection was of low impact since there was no way to escalate it to exfiltrate data, one...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/18 12:0 a.m.177 views

Online Examination System 1.0 SQL Injection

Exploit Title: Online Examination System 1.0 - 'eid' SQL Injection Google Dork: N/A Date: 2020-05-16 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14210/online-examination-system-project-using-phpmysql.html Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/11 12:0 a.m.170 views

Victor CMS 1.0 SQL Injection

Exploit Title: Victor CMS 1.0 - 'post' SQL Injection Google Dork: N/A Date: 2020-05-09 Exploit Author: BKpatron Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A my website:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/29 12:0 a.m.86 views

School ERP Pro 1.0 SQL Injection

Exploit Title: School ERP Pro 1.0 - 'esmessagesid' SQL Injection Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT SQL Injection Detail...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2020/03/16 12:0 a.m.98 views

MiladWorkShop VIP System 1.0 - lang SQL Injection

MiladWorkShop VIP System 1.0 - lang SQL Injection Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Date: 2020-03-03 Exploit Author: AYADI Mohamed email : [email protected] Vendor Homepage: https://miladworkshop.ir/ Softwar...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/16 12:0 a.m.405 views

MiladWorkShop VIP System 1.0 - &#039;lang&#039; SQL Injection

Exploit Title: MiladWorkShop VIP System 1.0 - 'lang' SQL Injection Google Dork: Powered By MiladWorkShop VIP System Date: 2020-03-03 Exploit Author: AYADI Mohamed email : [email protected] Vendor Homepage: https://miladworkshop.ir/ Software Link: https://miladworkshop.ir/vip.html Version:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/02/14 12:0 a.m.86 views

phpMyChat Plus 1.98 SQL Injection

Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection Date: 2020-02-13 Exploit Author: J3rryBl4nks Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version MyChat Plus 1.98 Tested on Windows 10/Kali Rolling The phpMyCh...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/11/06 12:0 a.m.77 views

thejshen Globitek CMS 1.4 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/11/05 12:0 a.m.124 views

thejshen Globitek CMS 1.4 SQL Injection

Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested on: CentOS 7 CVE: N/A The GET reques...

7.4AI score
Exploits0
Rows per page
Query Builder