235 matches found
CVE-2022-42923 SQL injection in Forma LMS
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
PT-2022-26658 · Forma Lms · Forma Lms
Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows an authenticated attacker, with the role of a student, to perform a SQL injection on the dyn filter parameter in the "appLms/ajax.adm...
PT-2022-26022 · Forma Lms · Forma Lms
Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue' parameter in the "appLms/ajax.server.php?r=mycertificate/getMyCertificates"...
CVE-2022-30004
Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection...
SACCO 2022 SQL injection Vulnerability
Title: SACCO-2022 SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/SACCO/docs/saccoshield.zip?raw=true Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayurik/2022/SAC...
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations,...
Online Market Place Site SQL Injection Vulnerability
Online Market Place Site is an online marketplace site by Carlo Montero Personal Developer. Online Market Place Site version 1.0 suffers from a SQL injection vulnerability that stems from an unauthenticated blind SQL injection vulnerability that allows remote attackers to dump a SQL database via...
Online Restaurant Table Reservation System 1.0 SQL Injection Vulnerability
Exploit Title: Online Restaurant Table Reservation System v1.0 Exploit Author: segf0lt Vendor Homepage: https://www.sourcecodester.com/php/15286/online-restaurant-table-reservation-system-phpoop-free-source-code.html Software Link:...
Online Car Wash Booking System 1.0 Blind SQL Injection
Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection Exploit Author: segf0lt Date: April 14, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html Software Link:...
CVE-2022-24956
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote...
SQL injection
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote...
CVE-2022-26285
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
CVE-2022-26284
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manageclient endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
CVE-2022-26283
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
SQL injection
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manageclient endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
SQL injection
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
CVE-2022-26284
CVE-2022-26284 affects Simple Client Management System v1.0. The vulnerability is a SQL injection in the manage_client endpoint, exploitable via the id parameter, which can allow an attacker to dump the application’s database through crafted HTTP requests. Public references describe the issue and...