
3898 matches found

GithubExploit
added 2024/03/18 4:58 p.m. · 465 views

Exploit for SQL Injection in Ultimatemember Ultimate_Member

CVE-2024-1071 CVE-2024-1071 Ultimate Member Unauthor...

CVSS 9.8 · AI score 9.6 · EPSS 0.89431
Exploits: 8

CNNVD
added 2024/03/18 12:0 a.m. · 3 views

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 7.7 · AI score 6.7 · EPSS 0.62712
Exploits: 0 · References: 4

WPVulnDB
added 2024/03/18 12:0 a.m. · 17 views

BackWPup < 4.0.4 - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database. PoC 1 Ensure that Apache is configured with the ability to list directory content. 2 When this is done, you can see the...

AI score 6.2 · EPSS 0.02261
Exploits: 2 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/03/18 12:0 a.m. · 6 views

PT-2024-21071 · Avsystem · Avsystem Unified Management Platform

Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: The issue concerns the insecure storage of LDAP passwords in the authentication functionality. This allows members with read access to the application database to...

CVSS 6.5 · AI score 7.2 · EPSS 0.00455
Exploits: 0 · References: 4

Packet Storm
added 2024/03/13 12:0 a.m. · 386 views

Client Details System 1.0 SQL Injection

Exploit Title: CVE-2023-7137ClientDetailsSystem-SQLInjection1 + Date: 2023-26-12 + Exploit Author: Hamdi Sevben + Vendor Homepage: https://code-projects.org/client-details-system-in-php-with-source-code/ + Software Link:...

CVSS 8.8 · AI score 7.4 · EPSS 0.17026
Exploits: 4

Positive Technologies
added 2024/03/12 12:0 a.m. · 6 views

PT-2024-17869 · Badger Meter · Badger Meter Monitool

Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions 4.6.3 and earlier Description: A remote attacker could send a specially crafted SQL query to the server via the j username parameter and retrieve the information stored in the database. This issue allows an...

CVSS 9.8 · AI score 7.7 · EPSS 0.02165
Exploits: 0 · References: 6

Packet Storm
added 2024/03/11 12:0 a.m. · 354 views

WordPress Duplicator Data Exposure / Account Takeover

Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...

CVSS 7.5 · AI score 7.4 · EPSS 0.30894
Exploits: 5

0day.today
added 2024/03/11 12:0 a.m. · 360 views

WordPress Hide My WP < 6.2.9 - Unauthenticated SQL injection Vulnerability

Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior Tested on: Hide My WP v6.2.7...

CVSS 9.8 · AI score 9.6 · EPSS 0.03824
Exploits: 5

Exploit DB
added 2024/03/10 12:0 a.m. · 309 views

Hide My WP < 6.2.9 - Unauthenticated SQLi

Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Publication Date: 2023-01-11 Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior...

CVSS 9.8 · AI score 9.7 · EPSS 0.03824
Exploits: 5

OSV
added 2024/03/06 11:4 a.m. · 14 views

BIT-RESOURCESPACE-2021-41765

A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...

CVSS 9.8 · AI score 10 · EPSS 0.67845
Exploits: 1 · References: 2

Prion
added 2024/02/29 1:42 a.m. · 28 views

Sql injection

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file indexsearch.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 5.8 · AI score 7.9 · EPSS 0.00871
Exploits: 1 · References: 3

Positive Technologies
added 2024/02/28 12:0 a.m. · 6 views

PT-2024-21193 · Miniorange · Miniorange Malware Scanner

Name of the Vulnerable Software and Affected Versions: miniorange Malware Scanner versions through 4.7.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation by injecting...

CVSS 7.6 · AI score 8.1 · EPSS 0.00541
Exploits: 0 · References: 5

Positive Technologies
added 2024/02/28 12:0 a.m. · 4 views

PT-2024-21202 · Skymoonlabs · Skymoonlabs Moveto

Name of the Vulnerable Software and Affected Versions: Skymoonlabs MoveTo versions prior to 6.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for potential exploitation by injecting malicious SQ...

CVSS 9.8 · AI score 9.6 · EPSS 0.00565
Exploits: 0 · References: 6

BDU FSTEC
added 2024/02/28 12:0 a.m. · 5 views

The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the server’s database.

The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the server’s...

CVSS 8.8 · AI score 8 · EPSS 0.00654
Exploits: 0 · References: 2

GithubExploit
added 2024/02/27 11:41 a.m. · 654 views

Exploit for SQL Injection in Ultimatemember Ultimate_Member

CVE-2024-1071 Ultimate Member Unauthorized Database Access...

CVSS 9.8 · AI score 9.6 · EPSS 0.89431
Exploits: 8

0day.today
added 2024/02/26 12:0 a.m. · 338 views

taskhub 2.8.7 - SQL Injection Vulnerability

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...

CVSS 8 · AI score 6.6 · EPSS 0.00692
Exploits: 5

Exploit DB
added 2024/02/26 12:0 a.m. · 364 views

taskhub 2.8.7 - SQL Injection

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Date: 05/09/2023 Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth...

CVSS 8 · AI score 7.9 · EPSS 0.00692
Exploits: 5

NVD
added 2024/02/23 7:15 p.m. · 15 views

CVE-2022-43842

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079...

CVSS 9.1 · AI score 8.6 · EPSS 0.00533
Exploits: 0 · References: 2

Prion
added 2024/02/15 9:15 a.m. · 19 views

Code injection

The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...

CVSS 2.1 · AI score 6.9 · EPSS 0.00611
Exploits: 0 · References: 2

Cvelist
added 2024/02/15 8:32 a.m. · 20 views

CVE-2023-4538 Shared Key in Comarch ERP XL

The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL...

CVSS 6.2 · AI score 6.4 · EPSS 0.00362
Exploits: 0 · References: 2