Lucene search
K

225 matches found

CVE
CVE
added 2026/03/15 6:35 p.m.9 views

CVE-2015-20120

CVE-2015-20120 maps to RealtyScript 4.0.2 from Next Click Ventures, which contains multiple time-based blind SQL injection vulnerabilities. The flaw allows unauthenticated attackers to infer database contents by sending time-delay payloads in application parameters, effectively exposing data char...

9.8CVSS6AI score0.00417EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/15 6:35 p.m.22 views

CVE-2015-20120 RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

8.8CVSS0.00417EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24969

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...

8.8CVSS5.9AI score0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24976

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery id parameter. Attackers can send GET requests to gallery.php with malicious gallery id values using...

8.8CVSS5.9AI score0.00439EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/11 9:31 p.m.5 views

EUVD-2019-19764

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/03/04 6:16 p.m.8 views

CVE-2019-25507

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 6:16 p.m.4 views

CVE-2019-25490

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

8.8CVSS0.00321EPSS
Exploits1References3
CVE
CVE
added 2026/02/27 5:23 p.m.11 views

CVE-2019-25493

CVE-2019-25493 affects Homey BNB V4 with an SQL injection in admin/getrecord.php exploitable via the val parameter. Unauthenticated attackers can send GET requests to manipulate queries and extract sensitive database information. CVSS v3.1 base score 8.2 (HIGH) with Network attack vector, Low com...

8.8CVSS6AI score0.00315EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/27 5:23 p.m.14 views

CVE-2019-25490

Homey BNB V4 contains an unauthenticated SQL injection vulnerability in admin/edit.php, exploitable via the id parameter. Time-based payloads can manipulate queries to extract sensitive database information. The description notes high impact on confidentiality and low impact on integrity, with no...

8.8CVSS6AI score0.00321EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/22 2:15 p.m.6 views

CVE-2019-25366

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...

8.8CVSS0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/22 2:12 p.m.2 views

CVE-2019-25456 Web Ofisi Emlak v2 SQL Injection via ara Parameter

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or...

9.1CVSS5.8AI score0.00464EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/19 1:58 p.m.32 views

CVE-2026-2744

...

Exploits0
CVE
CVE
added 2026/02/18 12:28 p.m.16 views

CVE-2025-8781

CVE-2025-8781 affects the Bookster – WordPress Appointment Booking Plugin for WordPress. Versions up to 2.1.1 are vulnerable to SQL Injection via the raw parameter due to insufficient escaping and lack of proper query preparation, allowing authenticated attackers with Administrator-level access t...

4.9CVSS5.9AI score0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/02/06 6:19 p.m.3 views

GHSA-P864-FQGV-92Q4 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

8.7CVSS6.1AI score0.00366EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6851

Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...

8.7CVSS6.4AI score
Exploits0References3
NVD
NVD
added 2026/02/03 10:16 p.m.6 views

CVE-2020-37083

PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...

8.8CVSS0.00302EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.7 views

PT-2026-5281

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

8.2CVSS6AI score0.00278EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 6:16 p.m.4 views

CVE-2020-36972

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

7.5CVSS5.8AI score0.00282EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/28 5:35 p.m.31 views

CVE-2020-36972 SmartBlog 2.0.1 - 'id_post' Blind SQL injection

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS0.00282EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 5:35 p.m.6 views

EUVD-2020-30879

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS5.9AI score0.00282EPSS
Exploits1References3
Rows per page
Query Builder