CVE-2018-25415

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...

EUVD-2018-21936

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

CVE-2018-25414

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

CVE-2018-25415 AiOPMSD Final 1.0.0 SQL Injection via director Parameter

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...

CVE-2018-25413 AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

EUVD-2018-21935

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

CVE-2018-25413

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

CVE-2018-25413 AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

EUVD-2018-21932

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

EUVD-2018-21933

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

CVE-2018-25411

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

CVE-2018-25411

CVE-2018-25411 affects MGB OpenSource Guestbook 0.7.0.2. The vulnerability is an SQL injection in the email.php endpoint vulnerable to crafted payloads via the id parameter, allowing unauthenticated attackers to execute arbitrary SQL and potentially enumerate database tables and columns. The issu...

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection in admin/media.php via the id parameter. In the affected flow, an authenticated attacker can craft GET requests with module=pengurus and act=editpengurus to inject SQL UNION statements, enabling extraction of database information (usernames, database names,...

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...