Lucene search
K

1836 matches found

CVE
CVE
added 2026/03/06 12:19 p.m.16 views

CVE-2018-25199

CVE-2018-25199 affects OOP CMS BLOG 1.0, with concrete SQL injection flaws in multiple entry points. An unauthenticated attacker can inject SQL via the parameters: search (search.php), pageid (page.php), and id (posts.php) to retrieve database information, including table names, schema names, and...

9.8CVSS6.1AI score0.0036EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25197

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=complayjoom&view=genre&catid=SQL to extract sensitive...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/06 12:19 p.m.30 views

CVE-2018-25194 Nominas 0.27 SQL Injection via username Parameter

Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...

8.8CVSS0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.4 views

CVE-2018-25189 Data Center Audit 2.6.2 SQL Injection via username Parameter

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 12:19 p.m.29 views

CVE-2018-25189 Data Center Audit 2.6.2 SQL Injection via username Parameter

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

8.8CVSS0.00237EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 12:19 p.m.17 views

CVE-2018-25189

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to submit crafted SQL payloads via POST to extract sensitive DB information (usernames, database names, version details). CVSS vectors: CVSS3.1 (AV:N/AC...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.4 views

PT-2026-23678

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/04 5:15 p.m.6 views

CVE-2019-25503 PHPads 2.0 SQL Injection via click.php3 bannerID

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...

7.1CVSS6.2AI score0.00328EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.10 views

PT-2026-22958

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...

7.1CVSS6.2AI score0.00328EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.5 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2CVSS6AI score0.00235EPSS
Exploits0References4
CVE
CVE
added 2026/03/03 12:0 a.m.14 views

CVE-2021-35484

The CVE-2021-35484 entry affects Nokia IMPACT (through 19.11.2.10-20210118042150283). A authenticated user can perform a Time-based Boolean Blind SQL Injection on the endpoint /ui/rest-proxy/campaign/statistic (View Campaign page) via the sortColumn HTTP GET parameter, enabling access to database...

8.2CVSS6AI score0.00235EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.13 views

CVE-2019-25491

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cmsgetpagetitle.php endpoint with malicious catid values to extract sensitive...

8.8CVSS6AI score0.00321EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.9 views

CVE-2019-25496

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...

8.8CVSS6AI score0.00327EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/27 6:31 p.m.5 views

EUVD-2019-19722

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...

8.8CVSS6AI score0.00327EPSS
Exploits1References4
OSV
OSV
added 2026/02/27 6:16 p.m.3 views

CVE-2019-25497

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shoppingcart.php with malicious currency values using boolean-based SQL injection...

7.5CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.28 views

CVE-2019-25496 osCommerce 2.3.4.1 SQL Injection via products_id Parameter

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productsid parameter. Attackers can modify the productsid value in productinfo.php requests and append boolean-based SQL injection...

8.8CVSS0.00327EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.25 views

CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS0.00315EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/27 5:23 p.m.5 views

CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References3
NVD
NVD
added 2026/02/22 3:16 p.m.8 views

CVE-2019-25455

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

8.8CVSS0.00397EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/22 2:12 p.m.4 views

CVE-2019-25455

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

8.8CVSS5.9AI score0.00397EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder