80491 matches found
CVE-2018-25351 Joomla! Component EkRishta 2.10 SQL Injection via username
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...
EUVD-2018-21873
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...
CVE-2018-25351 Joomla! Component EkRishta 2.10 SQL Injection via username
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...
CVE-2018-25351
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...
CVE-2018-25351
CVE-2018-25351 affects Joomla! Component EkRishta 2.10. The connected documents describe an error-based SQL injection in the username parameter that allows unauthenticated attackers to execute arbitrary SQL queries by sending POST requests to the login endpoint, leaking database information inclu...
CVE-2018-25348 Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...
CVE-2018-25348
Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...
CVE-2018-25346
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...
CVE-2018-25347
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...
EUVD-2018-21864
Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...
CVE-2018-25342 Smartshop 1 SQL Injection via search.php
Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...
EUVD-2018-21862
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...
PT-2026-43096
Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...
Dolibarr ERP CRM 代码注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 7.0.3 of Dolibarr ERP CRM contains a code injection vulnerability. This vulnerability stems from injecting PHP code via the dbname parameter, which may allow unauthenticated attackers to execu...
Smartshop SQL注入漏洞
Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...
Joomla Component Ek Rishta SQL注入漏洞
The Joomla component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the cid parameter, which may allow...
web-app-security-lab
Vulnerable Web App — Attack & Defend Lab A deliberately-vulne...
YesWiki: Unauthenticated SQL Injection
Summary An unauthenticated SQL injection in the Bazar form-import path FormManager::create allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an INSERT statement and read the full database, including yeswikiusers.password hashes. Present in 4.6.1 / 4.6.2 ...
GHSA-JWVV-QR7Q-CV8J YesWiki: Unauthenticated SQL Injection
Summary An unauthenticated SQL injection in the Bazar form-import path FormManager::create allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an INSERT statement and read the full database, including yeswikiusers.password hashes. Present in 4.6.1 / 4.6.2 ...
OESA-2026-2421 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...