23 matches found
PT-2026-44864
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module (module=desa&act=hapus), while authenticated users can exploi...
CVE-2019-25580
CVE-2019-25580 concerns ownDMS 4.7, where an SQL injection exists in the IMG parameter. The vulnerability enables unauthenticated attackers to send crafted SQL payloads via GET requests to pdfstream.php, imagestream.php, or anyfilestream.php to extract sensitive DB information (e.g., version, dat...
CVE-2025-65090
Summary: CVE-2025-65090 affects the XWiki Full Calendar Macro. Prior to version 2.4.6, users with rights to view the Calendar.JSONService page (including guests) could access database information via the calendar data exposed by the macro, constituting a data-leak vulnerability. The issue has bee...
CVE-2021-47704
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obixtest.php with malicious 'id' values to extract database information...
Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)
Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection SSTI Authenticated Exploit Author: tmrswrr Date: 12/05/2023 Vendor: https://wintercms.com/ Software Link: https://github.com/wintercms/winter/releases/v1.2.2 Vulnerable Versions: 1.2.2 Tested :...
Tencent TDSQL Chitu management platform Cross-Site Scripting Vulnerability
Tencent TDSQL Chitu management platform is a TDSQL Chitu management platform from China's Tencent. A cross-site scripting vulnerability exists in Tencent TDSQL Chitu management platform version v.10.3.19.5.0, which originated from a vulnerability that allows remote attackers to obtain...
SQL Injection Vulnerability in Jeecg Boot of Beijing Guo Torch Information Technology Co.
Jeecg Boot is a low-code BPM-based platform. A SQL injection vulnerability exists in Jeecg Boot, which can be exploited by an attacker to obtain sensitive database information...
SQL Injection Vulnerability in kkcms frontend re***.php file
kkcms is an open source video capture and playback system. The system is mainly used to automatically capture film and television resources and provide online playback capabilities. A SQL injection vulnerability exists in the re.php file of the kkcms frontend. Attackers can use the vulnerability to obtain sensitive...
CVE-2019-17503
An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...
Code injection
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
CVE-2018-10429
Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php...
PHPSHE open source mall system class_id parameter SQL injection vulnerabilities exist
The PHPSHE mall system combines product display, online shopping, order management, payment management, article management, customer consultation feedback and other functions, providing users with an online shopping mall construction program. PHPSHE open source mall system class_id parameter S...
Generalized SQL Injection Vulnerability in Abilify Multiservice Smart Gateway
Abilify Multi-service Smart Gateway is a product of Beijing Hai Rui Xing Ye Technology Co. A generic SQL injection vulnerability exists in Abilify Multi-service Smart Gateway. It allows attackers to utilize common SQL injection tools to obtain sensitive database information...
XOOPS 2.0.14 Article Module - 'article.php' SQL Injection Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '84999' ssvid version = '1.0' author = 'kikay' vulDate = '2008-05-06' createDate ...
Webee Comments Component 1.1/1.2 for Joomla! index2.php articleId SQL Injection
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '86842' ssvid version = '1.0' author = 'kikay' vulDate = '2010-02-22' createDate ...
H K Digital Online SQL Injection
Exploit Author:Th3 R0cksT3r Exploit Title: H K Digital Online SQL Injection Date: 15.02.2014 Email: [email protected] Vendor Homepage: http://www.hkdigitalonline.com/ Facebook: Facebook.com/thee.rocksTer Google Dork: inurl:".php?id=" intext:"Powered by H K Digital Online." === Material's...
CDKWeb SQL Injection
==== Exploit Author:Th3 R0cksT3r ==== Exploit Title: CDKWeb SQL injection Date: 06.02.2014 Email: [email protected] Vendor Homepage: http://www.cdkweb.com/ Facebook: Facebook.com/thee.rocksTer Google Dork: inurl:.php?id= intext:Website Design and Web Development by CDKWeb Risk: High ===...
CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal
source: https://www.securityfocus.com/bid/47905/info CiscoWorks Common Services is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker could exploit this vulnerability using directory-traversal strings such as '../' to gain...
Mura CMS <= 5.1 xss
Exploit for unknown platform in category web applications. Mura CMS <= 5.1 xss. Objective: Mura CMS <= 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir...
WP Comment Remix 1.4.3 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. WP Comment Remix 1.4.3 Remote SQL Injection Exploit \n"; print "\n : Hostname or IP Address"; print "\n : Path to WordPress Defaults to...