21 matches found
injectproof
InjectProof The SQL injection scanner that finds what sqlma...
CVE-2022-26283
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
CVE-2022-26285
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
CVE-2022-26284
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manageclient endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...
CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database...
EUVD-2017-14954
Malware in sbrugna...
EUVD-2018-2050
Malware in sbrugna...
CVE-2023-45826 Authenticated SQL Injection in leantime
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
Simple Subscription Website SQL Injection Vulnerability
Simple Subscription Website is an open source, web-based simple subscription application from Carlo Montero's personal developer. Used to provide companies with possible members to apply for plans that offer certain services, Simple Subscription Website is vulnerable to SQL injection, which can b...
Sql injection
Emuse - eServices / eNvoice SQL injection can be used in various ways ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi caused by CWE-209: Generation of Error Message Containing Sensitive Information, showing parts of the aspx...
E-Negosyo System 1.0 SQL Injection
Exploit Title: E-Negosyo System 1.0 - Time-Based Blind SQLi - admin/login.php Date: 2021-09-22 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version:...
Library Management System 1.0 SQL Injection
Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Date: 16/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...
CVE-2021-27999
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...
Exploit for CVE-2021-22146
cve-2021-22146 I found during an internal pentest...
WordPress Poll, Survey, Questionnaire And Voting System 1.5.2 SQL Injection
Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dateanswers' Blind SQL Injection Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage:...
PT-2020-20350 · Telestream · Telestream Tektronix Sentry +1
Name of the Vulnerable Software and Affected Versions: Telestream Tektronix Medius versions prior to 10.7.5 Telestream Tektronix Sentry versions prior to 10.7.5 Description: The issue allows an unauthenticated attacker to perform SQL injection, enabling them to dump database contents. This is...
Webgalamb Information Disclosure / XSS / CSRF / SQL Injection
Summary ------- Vendor: E.N.S. Zrt www.ens.hu Product: Webgalamb www.webgalamb.hu, www.facebook.com/webgalamb Webgalamb is a commercial email marketing software for managing subscription lists and sending out bulk emails. It is not SaaS but a PHP based web application that is typically hosted nex...
DEBIAN-CVE-2018-1000871
HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "idutentemod" parameter in gestioneutenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done...
SQLMap v1.2.9 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
SAP Sybase Adaptive Server Enterprise Backup Server Component Security Bypass Vulnerability
SAP Sybase Adaptive Server Enterprise ASE is a relational database management system from SAP. The system can be used in data-intensive environments, and has a fast, stable performance, etc. Backup Server is one of the backup server. A security vulnerability exists in the Backup Server...