82389 matches found
CVE-2018-25194
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...
CVE-2018-25194
Nominas 0.27 contains an unauthenticated SQL injection in the username parameter via POST to login/checklogin.php, enabling arbitrary SQL queries to extract database information (usernames, database names, version details) using UNION-based payloads. No remediation details are provided in the doc...
CVE-2018-25192
GPS Tracking System 2.12 is vulnerable to SQL injection via the username parameter in login.php, allowing unauthenticated bypass of authentication. The underlying issue is a SQL injection in the login flow, enabling attackers to gain unauthorized access without valid credentials. Reported impact ...
CVE-2018-25192 GPS Tracking System 2.12 SQL Injection via username Parameter
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...
CVE-2018-25191
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'modid' parameter. Attackers can send POST requests to the editarproducto.php endpoint with crafted SQL payloads in the modid...
CVE-2018-25191 Facturation System 1.0 SQL Injection via editar_producto.php
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'modid' parameter. Attackers can send POST requests to the editarproducto.php endpoint with crafted SQL payloads in the modid...
CVE-2018-25191
CVE-2018-25191 affects Facturation System 1.0. It describes an SQL injection in the editar_producto.php endpoint, exploitable by authenticated attackers via POST requests that submit crafted payloads in the mod_id parameter. The vulnerability allows extraction of sensitive data (usernames, databa...
CVE-2018-25189
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to submit crafted SQL payloads via POST to extract sensitive DB information (usernames, database names, version details). CVSS vectors: CVSS3.1 (AV:N/AC...
CVE-2018-25189 Data Center Audit 2.6.2 SQL Injection via username Parameter
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...
CVE-2018-25189 Data Center Audit 2.6.2 SQL Injection via username Parameter
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...
CVE-2018-25188 Webiness Inventory 2.3 SQL Injection via WsModelGrid.php
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...
CVE-2018-25187 Tina4 Stack 1.0.3 SQL Injection and Database File Download
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the men...
CVE-2018-25187 Tina4 Stack 1.0.3 SQL Injection and Database File Download
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the men...
CVE-2018-25187
Tina4 Stack 1.0.3 is affected by CVE-2018-25187, with two confirmed issues: (1) unauthenticated access to the kim.db database file enabling retrieval of user credentials and password hashes, and (2) SQL injection via the /menu endpoint that can manipulate database queries. The root causes are dir...
CVE-2018-25182
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to...
CVE-2018-25180
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...
CVE-2018-25180 Maitra 1.7.2 SQL Injection and Database File Download
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...
CVE-2018-25180
Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code via the mailid parameter in the outmail and inmail modules. The same flaw enables attackers to download the SQLite database file directly from the ...
CVE-2018-25180 Maitra 1.7.2 SQL Injection and Database File Download
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...
CVE-2018-25176 Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...