3 matches found
CVE-2019-25697 CMSsite 1.0 SQL Injection via category.php
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...
CVE-2025-11288
The CRMEB CVE-2025-11288 issue affects CRMEB versions up to 5.6 (and is described as affecting versions prior to 5.7 by PT-Security) in GET Parameter Handler for /adminapi/product/product. Manipulation of the cate_id argument enables SQL injection with remote exploitation possible and an exploit ...
CVE-2024-2077
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument categoryid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...