82392 matches found
CVE-2019-25508
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...
CVE-2019-25488
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...
CVE-2019-25481
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...
CVE-2019-25473
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...
CVE-2019-25543 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...
CVE-2019-25543
Netartmedia Real Estate Portal 5.0 contains an unauthenticated SQL injection in the page parameter (via index.php) that allows attackers to manipulate queries, potentially bypass authentication and access or modify data. The vulnerability affects the server-side SQL handling of the page field. CV...
CVE-2019-25542 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...
CVE-2019-25541
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...
CVE-2019-25540
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...
CVE-2019-25540 Netartmedia PHP Mall 4.1 Multiple SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...
CVE-2019-25539 202CMS v10 beta SQL Injection via register.php
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...
CVE-2019-25539 202CMS v10 beta SQL Injection via register.php
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...
CVE-2019-25535
The CVE-2019-25535 entry concerns Netartmedia PHP Dating Site. It describes an SQL injection vulnerability in the login flow where an unauthenticated attacker can inject SQL via the Email field in loginaction.php, using time-based payloads to extract sensitive database information. Affected compo...
CVE-2019-25532 Netartmedia Jobs Portal 6.1 SQL Injection via loginaction.php
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...
CVE-2019-25531
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authenticatio...
CVE-2019-25530
The CVE describes an SQL injection in the uHotelBooking System where unauthenticated attackers can inject through the system_page GET parameter in index.php. The vulnerability enables time-based blind SQL injection to extract sensitive database information, with CVSS scores indicating HIGH impact...
CVE-2019-25529
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...
CVE-2019-25529 Placeto CMS Alpha rv.4 SQL Injection via page Parameter
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...
CVE-2019-25528
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL...
CVE-2019-25527
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...