43 matches found
portswigger-sqlinjection-labs
SQL Injection Attack Lab - PortSwigger Web Security Academy...
Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf
CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...
CVE-2025-64492
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...
CVE-2025-56450
Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...
Log2Space Subscriber Management Software 1.1 SQL Injection
Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil [email protected] Rohan Patil [email protected] CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...
EUVD-2020-3791
Malware in sbrugna...
EUVD-2023-43899
Malicious code in bioql PyPI...
sqlmap-ctt
sqlmap-CTT ========== sqlmap-CTT is an advanced SQL injection t...
CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...
CVE-2025-55444
The CVE-2025-55444 entry affects Online Artwork and Fine Arts MCA Project 1.0, with a vulnerability in the parameter of cancel_booking.php that allows SQL injection. The root cause is unsanitized user input in the parameter, enabling arbitrary SQL queries, leading to database enumeration and po...
PT-2025-34122 · Unknown · Online Artwork/Fine Arts Mca Project
Name of the Vulnerable Software and Affected Versions: Online Artwork and Fine Arts MCA Project version 1.0 Description: A SQL injection vulnerability exists in the id2 parameter of the cancel booking.php page. A remote attacker can inject arbitrary SQL queries, leading to database enumeration an...
Online Artwork and Fine Arts Security Vulnerability
Online Artwork and Fine Arts is an online artwork display box selling project by the individual developer Vishal Mathur. A security vulnerability exists in Online Artwork and Fine Arts version 1.0, which stems from a SQL injection in the id2 parameter of the cancelbooking.php page, which could le...
Exploit for CVE-2026-2058
CLOUD-CLASSROOMS-php-1.0 PoC - Sql Injection Erro Based Prese...
CVE-2020-11437
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database...
VulnCheck KEV: CVE-2024-8503
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database...
CVE-2024-45856
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...
PT-2024-39060
Name of the Vulnerable Software and Affected Versions: VICIdial version 2.14-917a Description: An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. An...
Loki RAT (Relapse) SQL Injection
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for...