235 matches found
Exploit for CVE-2025-58443
CVE-2025-58443 exploit POC for https://github.com/FOGProject/...
PT-2025-36400
Name of the Vulnerable Software and Affected Versions: FOG versions 1.5.10.1673 and below Description: FOG is a free open-source cloning/imaging/rescue suite/inventory management system. An authentication bypass vulnerability exists, allowing an attacker to perform an unauthenticated database dum...
FOG 访问控制错误漏洞
FOG is an open source computer cloning and management system open-sourced by the FOG Project. An access control error vulnerability exists in FOG 1.5.10.1673 and prior versions, which stems from an authentication bypass that could allow an attacker to unauthenticatedly dump a full SQL database...
Linux Distros Unpatched Vulnerability : CVE-2018-1000871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in idutentemod parameter in gestioneutenti.php file that can result...
CVE-2024-51162
An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user with any privilege of Audimex to dump the whole Audimex database. This gives visibility upon password hashes...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
CVE-2023-6114
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...
CVE-2023-5008
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control...
CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...
CVE-2022-30004
Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection...
CVE-2022-24956
An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote...
CVE-2020-36112
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...
CVE-2013-3507
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for 1 a configuration file, 2 a database dump, or 3 the Tomcat status context...
BIT-DOLIBARR-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...
Gibbon 25.0.0 Local File Inclusion
Gibbon version 25.0.0 local file inclusion exploit that downloads a SQL dump...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2024-12269
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the...
CVE-2025-23218
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarespecie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands ...
CVE-2025-23220 WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...
CVE-2025-23220 WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...