225 matches found
CVE-2015-20120
CVE-2015-20120 maps to RealtyScript 4.0.2 from Next Click Ventures, which contains multiple time-based blind SQL injection vulnerabilities. The flaw allows unauthenticated attackers to infer database contents by sending time-delay payloads in application parameters, effectively exposing data char...
CVE-2015-20120 RealtyScript 4.0.2 Multiple Time-based Blind SQL Injection
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...
PT-2026-24969
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
PT-2026-24976
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery id parameter. Attackers can send GET requests to gallery.php with malicious gallery id values using...
EUVD-2019-19764
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract...
CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...
CVE-2019-25490
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...
CVE-2019-25493
CVE-2019-25493 affects Homey BNB V4 with an SQL injection in admin/getrecord.php exploitable via the val parameter. Unauthenticated attackers can send GET requests to manipulate queries and extract sensitive database information. CVSS v3.1 base score 8.2 (HIGH) with Network attack vector, Low com...
CVE-2019-25490
Homey BNB V4 contains an unauthenticated SQL injection vulnerability in admin/edit.php, exploitable via the id parameter. Time-based payloads can manipulate queries to extract sensitive database information. The description notes high impact on confidentiality and low impact on integrity, with no...
CVE-2019-25366
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2019-25456 Web Ofisi Emlak v2 SQL Injection via ara Parameter
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or...
CVE-2026-2744
...
CVE-2025-8781
CVE-2025-8781 affects the Bookster – WordPress Appointment Booking Plugin for WordPress. Versions up to 2.1.1 are vulnerable to SQL Injection via the raw parameter due to insufficient escaping and lack of proper query preparation, allowing authenticated attackers with Administrator-level access t...
GHSA-P864-FQGV-92Q4 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...
PT-2026-6851
Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...
CVE-2020-37083
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...
PT-2026-5281
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...
CVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
CVE-2020-36972 SmartBlog 2.0.1 - 'id_post' Blind SQL injection
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
EUVD-2020-30879
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...