12 matches found
CVE-2022-27485
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability (CWE-89) in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files...
Rukovoditel Project Management App SQL injection vulnerability in the 'forms_fields_rules/rules' page
Summary: An exploitable SQL injection vulnerability exists in the 'forms_fields_rules/rules' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be...
Rukovoditel Project Management App application SQL injection vulnerability in the 'access_rules/rules_form' page
Summary: An exploitable SQL injection vulnerability exists in the 'access_rules/rules_form' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be...
House Rental 1.0 SQL Injection
Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-07 Vendor Homepage: https://projectworlds.in Software Link:...
Forma LMS 2.2.1 /appCore/index.php users parameter SQL injections
Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
colliersfuneralhome.com XSS vulnerability
Open Bug Bounty ID: OBB-629413

Description | Value
---|---
Affected Website: | colliersfuneralhome.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities
WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities. Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Submitter: Nitin Venkatesh Product: Unite Gallery Lit...
WordPress Daily Edition 1.6.2 SQL Injection
WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.2 Tested Versio...
ClassAd 3.0 SQL Injection
Blind SQL Injection on ClassAd Risk: High CWE number: CWE-89 Date: 9/11/2014 Vendor: projects-and-software.de Version: 3.0 Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Linux Ubuntu 14.04; Mozilla Firefox 34.0; sqlmap 1.0-dev-nongit-20141106 Vulnerable File: showads.php...
aoop cms 0.3.6 - Multiple Vulnerabilities
No description provided by source. Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Aoop CMS Vendor URL: www.annonyme.de Type: Cross-site Scripting CWE-79, SQL-Injection CWE-89 Date found: 2012-04-07 Date published: 2012-08-24 CVSSv2 Score:...
Wapoweb SQL Injection
SQL Injection on Wapoweb Risk: High CWE number: CWE-89 Date: 19/04/2014 Vendor: www.wapoweb.net Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on Windows 8 pro Vulnerable File: prodotti.php Exploit: http://www.site.com/prodotti.php?c=SQLI...
LuxCal v3.2.2 CSRF/Blind SQL Injection Vulnerabilities
LuxCal v3.2.2 suffers from CSRF and Blind SQL Injection vulnerabilities. + Author: TUNISIAN CYBER + Exploit Title: LuxCal v3.2.2 CSRF/Blind SQL Injection Vulnerabilities + Date: 09-03-2014 + Category: WebApp + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-352/CWE-89 + Vendor:...