CVE-2018-25351

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

CVE-2025-66205

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...

EUVD-2020-18049

Malware in sbrugna...

Kyaan 1.0 SQL Injection

Kyaan version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: kyaan - Multiple Vulnerabilities Date: March 27, 2025 Exploit Author: wa03 Telegram: @wa03 Vendor Homepage: https://kyaan.co Version: 1.0 Tested on: Windows local xampp DBMS: MySQL CVE: N/A Google Dork:...

Online Shopping Alphaware 1.0 - Error Based SQL injection

Title: Online Shopping Alphaware 1.0 - Error-Based SQL injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-20 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

News Website Script 2.0.4 - search SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title:News Website Script - SQL Injection Error Based Google Dork: NA Date: 12.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://under24usd.com/demo/newstoday/index.php Version...

WordPress Doctor Appointment Booking 1.0.0 SQL Injection / XSS

Exploit Title: Wordpress Doctor Appointment Booking Plugin v1.0.0 - SQL Injection / XSS Date: 2018-01-01 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/doctor-appointment-booking-wordpress-plugin/21215314 Version: 1.0.0 Tested on: Kali...

CVE-2017-14600

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $GET'delblack', resulting in Information Disclosure...

Itech B2B Script 4.29 - Multiple Vulnerabilities

Itech B2B Script 4.29 - Multiple Vulnerabilities Exploit Title : Itech scripts B2B Script v4.29 - Multiple Vulnerability Google Dork : - Date : 12/02/2017 Exploit Author : Marc Castejon Vendor Homepage : http://itechscripts.com/b2b-script/ Software Link: http://b2b.itechscripts.com Type : webapps...

Itech B2B Script 4.29 - Multiple Vulnerabilities

Exploit Title : Itech scripts B2B Script v4.29 - Multiple Vulnerability Google Dork : - Date : 12/02/2017 Exploit Author : Marc Castejon Vendor Homepage : http://itechscripts.com/b2b-script/ Software Link: http://b2b.itechscripts.com Type : webapps Platform: PHP Version: 4.29 Sofware Price and De...

Movie Portal Script 7.36 - Multiple Vulnerabilities

Movie Portal Script 7.36 - Multiple Vulnerabilities Exploit Title : Movie Portal Script v7.36 - Multiple Vulnerability Google Dork : - Date : 20/01/2017 Exploit Author : Marc Castejon Vendor Homepage : http://itechscripts.com/movie-portal-script/ Software Link: http://movie-portal.itechscripts.co...

Image Sharing Script 4.13 Cross Site Scripting / SQL Injection

Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 16/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/image-sharing-script/ Sofware Price and Demo : $1250 http://photo-sharing.itechscripts.com/...

Image Sharing Script 4.13 - Multiple Vulnerabilities

Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 16/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/image-sharing-script/ Sofware Price and Demo : $1250 http://photo-sharing.itechscripts.com/...

Dolphin 7.3.0 - Error-Based SQL Injection

Exploit for php platform in category web applications Exploit Title: Dolphin 7.3.0 Error Based SQL Injection Date: 20-09-2016 Software Link: https://www.boonex.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1...

FAROL - SQL Injection

Exploit Title: Web Application Farol with anauthenticated SQLi injection Date: 2015-09-16 Exploit Author: Thierry Fernandes Faria a.k.a SoiL thierryfariaa at gmail dot com Vendor Homepage:http://www.teiko.com.br/pt/solucoes/infraestrutura-em-ti/farol Version: All CVE : CVE-2015-6962 OWASP Top10:...

Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration

This module can be used to bruteforce RIDs associated with the domain of the SQL Server using the SUSERSNAME function via Error Based SQL injection. This is similar to the smblookupsid module, but executed through SQL Server queries as any user with the PUBLIC role everyone. Information that can ...

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

vBulletin vBay <= 1.1.9 - Error-Based SQL Injection

No description provided by source. !/usr/bin/env python -W ignore::DeprecationWarning VBay = 1.1.9 - Remote Error based SQL Injection Author: Dan UK Contact: http://www.hackforums.net/member.php?action=profile&uid=817599 Date: 10/11/12 DETAILS Among a couple of other unsanitized parameters used...

Microweber 0.905 - Error-Based SQL Injection

Microweber 0.905 - Error-Based SQL Injection =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...

Microweber 0.905 - Error-Based SQL Injection

=============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | | =============================================================================== TITLE ===== Microweber...