CVE (added 2021/01/04 2:46 p.m., 73 views)

CVE-2020-36112

CVE-2020-36112 affects CSE Bookstore 1.0. The vulnerability is an SQL injection (time-based blind, boolean-based blind, and OR-based) in the pubid parameter of bookPerPub.php and cart.php, allowing an attacker to dump the entire database. Affected software: CSE Bookstore 1.0. Root cause: improper...

CVSS 9.8 | AI score 9.7 | EPSS 0.17166
In the wild | Exploits: 1 | References: 1 | Affected software: 1
CNNVD (added 2021/01/04 12:00 a.m., 3 views)

Projectworlds Online Book Store Project In Php SQL Injection Vulnerability

Projectworlds Online Book Store Project In Php is a PHP-based online bookstore system from the Austrian company Projectworlds. Projectworlds Online Book Store Project In Php 1.0 is vulnerable to SQL injection. An attacker could exploit this vulnerability to dump the entire database on which the w...

CVSS 9.8 | AI score 7.4 | EPSS 0.17166
Exploits: 1 | References: 2
NVD (added 2021/01/01 4:15 a.m., 44 views)

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVSS 9.9 | AI score 9.7 | EPSS 0.24937
Exploits: 5 | References: 4
Cvelist (added 2021/01/01 3:27 a.m., 45 views)

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVSS 9.9 | AI score 9.7 | EPSS 0.24937
Exploits: 5 | References: 4
Exploit DB (added 2020/12/22 12:00 a.m., 752 views)

CSE Bookstore 1.0 - Multiple SQL Injection

Exploit Title: CSE Bookstore 1.0 - Multiple SQL Injection
Date: 2020-12-21
Author: Musyoka Ian
Version: CSE Bookstore 1.0
Vendor Homepage: https://projectworlds.in/
Platform: PHP
Tested on: Debian
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR...

AI score 7.4
Exploits: 0
CVE (added 2020/09/22 11:59 a.m., 48 views)

CVE-2020-8887

The CVE-2020-8887 entry concerns Telestream Tektronix Medius (and Sentry) before version 10.7.5, affected by an SQL injection in the login flow. Specifically, an unauthenticated attacker can dump database contents by manipulating the page parameter in a login request to index.php. The root cause ...

CVSS 7.5 | AI score 7.8 | EPSS 0.01454
Exploits: 1 | References: 1 | Affected software: 2
WPVulnDB (added 2020/09/22 12:00 a.m., 26 views)

XCloner Backup and Restore 4.2.1 - 4.2.12 - Unprotected AJAX Action

"This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution on a vulnerable site's server. Alternatively, an attacker could create an exploit cha...

CVSS 6.5 | AI score 0.9 | EPSS 0.24937
Exploits: 5 | References: 1 | Affected software: 1
OSV (added 2020/08/26 2:15 p.m., 2 views)

CVE-2020-24315

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statements passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database...

CVSS 7.5 | AI score 7.2 | EPSS 0.02035
Exploits: 1 | References: 2
Prion (added 2020/08/26 2:15 p.m., 12 views)

Design/Logic Flaw

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statements passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database...

CVSS 5 | AI score 7.7 | EPSS 0.02035
Exploits: 1 | References: 2 | Affected software: 1
NVD (added 2020/04/06 4:15 p.m., 9 views)

CVE-2020-11545

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email (and other) parameters of account.php, the uname and pass parameters of login.php, and the id parameter of bookcar.php. This allows an attacker to dump the MySQL database and to bypass the login...

CVSS 9.8 | AI score 10 | EPSS 0.01557
Exploits: 1 | References: 1
OSV (added 2020/04/06 4:15 p.m., 4 views)

CVE-2020-11545

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email (and other) parameters of account.php, the uname and pass parameters of login.php, and the id parameter of bookcar.php. This allows an attacker to dump the MySQL database and to bypass the login...

CVSS 9.8 | AI score 5.8 | EPSS 0.01557
Exploits: 1 | References: 1
OSV (added 2020/03/05 1:15 p.m., 4 views)

CVE-2020-10106

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows an attacker to dump the MySQL database and to bypass the login prompt...

CVSS 9.8 | AI score 7.3 | EPSS 0.01184
Exploits: 1 | References: 1
OSV (added 2019/07/29 4:15 p.m., 2 views)

UBUNTU-CVE-2019-11200

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...

CVSS 8.8 | AI score 7.5 | EPSS 0.02101
Exploits: 1 | References: 3
Prion (added 2019/06/28 6:15 p.m., 13 views)

Improper access control

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds...

CVSS 7.5 | AI score 9.5 | EPSS 0.02224
Exploits: 0 | References: 2 | Affected software: 1
Cvelist (added 2019/06/28 5:35 p.m., 31 views)

CVE-2018-14885

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds...

AI score 9.6 | EPSS 0.02224
Exploits: 0 | References: 2
Debian CVE (added 2019/06/28 5:35 p.m., 17 views)

CVE-2018-14885

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds...

CVSS 9.8 | AI score 9.7 | EPSS 0.02224
Exploits: 0
CNVD (added 2019/01/18 12:00 a.m., 3 views)

IDenticard Systems Trust Management Issues Vulnerability

IDenticard Premisys is an access control system from IDenticard Systems, USA. It allows granting and restricting access to doors, locking facilities, viewing integrated reports and creating detailed reports, among other things. A security vulnerability exists in IDenticard Systems version...

CVSS 9 | AI score 6.7 | EPSS 0.0289
Exploits: 0 | References: 1
OSV (added 2018/12/20 5:29 p.m., 1 views)

UBUNTU-CVE-2018-1000871

HotelDruid version 2.3.0 and earlier contains a SQL injection vulnerability in the "idutentemod" parameter of the gestioneutenti.php file; an attacker can dump all the database records of the backend webserver. This attack appears to be exploitable; the attack can be done...

CVSS 9.8 | AI score 7.4 | EPSS 0.01622
Exploits: 1 | References: 3
CNVD (added 2018/05/29 12:00 a.m., 1 views)

WordPress MemberMouse SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up personal blog sites on PHP and MySQL servers. MemberMouse is a sales management plugin for WordPress. A SQL injection vulnerability exists in the...

CVSS 9.8 | AI score 7.9 | EPSS 0.0218
Exploits: 1 | References: 1
OSV (added 2018/05/28 4:29 p.m., 2 views)

CVE-2018-11309

Blind SQL injection in couponcode in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request...

CVSS 9.8 | AI score 5.8 | EPSS 0.0218
Exploits: 1 | References: 1