
61 matches found

RedhatCVE
added 2025/08/30 6:21 p.m. | 4 views

CVE-2025-50972

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...

9.8 CVSS | 8.9 AI score | 0.00421 EPSS
Exploits: 1 | References: 1

GithubExploit
added 2025/08/03 11:4 a.m. | 146 views

Exploit for CVE-2025-10351

CVE-2025-10351 POC - SQL Injection Exploit 💉 POC for CVE-20...

9.3 CVSS | 7.8 AI score | 0.00385 EPSS
Exploits: 2

RedhatCVE
added 2025/05/23 3:56 a.m. | 7 views

CVE-2023-34735

Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection...

9.8 CVSS | 7.5 AI score | 0.00741 EPSS
Exploits: 1

Hacker One
added 2025/02/21 10:55 p.m. | 8 views

U.S. Dept Of Defense: Error-based blind SQL injection

An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...

7.7 AI score
Exploits: 0

0day.today
added 2024/04/15 12:0 a.m. | 411 views

Stock Management System v1.0 - Unauthenticated SQL Injection Exploit

Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html Software Link:...

9.8 CVSS | 9.7 AI score | 0.01361 EPSS
Exploits: 4

Packet Storm
added 2024/04/15 12:0 a.m. | 359 views

Stock Management System 1.0 SQL Injection

Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...

9.8 CVSS | 7.4 AI score | 0.01361 EPSS
Exploits: 4

Exploit DB
added 2024/04/13 12:0 a.m. | 424 views

Stock Management System v1.0 - Unauthenticated SQL Injection

Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...

9.8 CVSS | 9.8 AI score | 0.01361 EPSS
Exploits: 4

ATTACKERKB
added 2023/06/29 2:15 p.m. | 4 views

CVE-2023-34735

Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection...

9.8 CVSS | 7.4 AI score | 0.00741 EPSS
Exploits: 1 | References: 2

Kitploit
added 2023/01/20 11:30 a.m. | 521 views

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

8.6 AI score
Exploits: 0 | References: 1

OSV
added 2021/12/13 11:15 a.m. | 7 views

CVE-2021-24747

The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fnmyajaxifieddataloaderajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections...

7.2 CVSS | 5.8 AI score | 0.01497 EPSS
Exploits: 2 | References: 2

OSV
added 2021/12/07 10:15 p.m. | 16 views

CVE-2021-40578

Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter...

7.2 CVSS | 6 AI score | 0.01477 EPSS
Exploits: 1 | References: 3

exploitpack
added 2016/04/20 12:0 a.m. | 17 views

PHPBack 1.3.0 - SQL Injection

PHPBack 1.3.0 - SQL Injection / + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt Vendor: ================ www.phpback.org Product: ================ PHPBack v1.3.0 Vulnerability Type: ===================...

0.1 AI score
Exploits: 0

seebug.org
added 2016/04/19 12:0 a.m. | 155 views

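Yonyou: multiple injection vulnerabilities in one of its systems (bundle)

Brief description: I searched wooyun and nobody has reported this, so here goes. Details: First, this interface can be accessed without any permissions. Taking http://.../bugs/wooyun-2010-0178322 as an example: ...:8080/uapws/service/nc.itf.bd.crm.ICurrtypeExportToCrmService?wsdl ...:8080/uapws/service/nc.itf.bd.crm.IInvbasdocExportToCrmService?wsdl ...:8080/uapws/service/nc.itf.bd.crm.IMeasdocExportToCrmService?wsd...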

7 AI score
Exploits: 0

seebug.org
added 2015/12/01 12:0 a.m. | 107 views

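HumHub 0.11.2 and 0.20.0-beta.2 - SQL Injection Vulnerability

General steps for finding SQL injection: 1. Find data inputs (forms) 2. Inject data 3. Detect abnormal responses, such as HTTP 500 errors or SQL error messages. This process can be automated with a variety of tools. AWVS flagged /index.php as possibly vulnerable to SQL injection. The following URL returns an SQL error; the from field is the injection point: http://localhost/index.php?from=1'"&limit=10&mode=activity&r=space/space/stream&sguid=e9659cfc-886f-4524-94ae-1721999ad43b...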

7.3 AI score
Exploits: 0

Exploit DB
added 2013/09/20 12:0 a.m. | 22 views

OpenEMR 4.1.1 Patch 14 - SQL Injection / Privilege Escalation / Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR 4.1.1 Pat...

7.4 AI score
Exploits: 0

Kitploit
added 2013/05/20 11:34 p.m. | 1508 views

[DroidSQLi] MySQL Injection tool for Android

DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks. DroidSQLi supports the following injection techniques: - Time based injection - Blind injection - Error based injection - Normal injection...

8.6 AI score
Exploits: 0

exploitpack
added 2012/09/04 12:0 a.m. | 14 views

Support4Arabs Pages 2.0 - SQL Injection

Support4Arabs Pages 2.0 - SQL Injection Exploit Title: Support4Arabs Pages v2.0 Remote SQL Error Based Injection Vulnerability Date: 04/9/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.support4arabs.com/ Software Link:...

0.5 AI score
Exploits: 0

exploitpack
added 2012/08/20 12:0 a.m. | 18 views

YourArcadeScript 2.4 - index.php?id SQL Injection

YourArcadeScript 2.4 - index.php?id SQL Injection Exploit Title: YourArcadeScript 2.4 SQLi Vulnerability Version: 2.4 Date: 17/08/2012 Author: DaOne LCA Software Link: http://www.yourarcadescript.com Google Dork: intext:"Powered by YourArcadeScript 2.4" Exploit...

0.4 AI score
Exploits: 0

Packet Storm
added 2012/08/18 12:0 a.m. | 20 views

YourArcadeScript 2.4 SQL Injection

Exploit Title: YourArcadeScript 2.4 SQLi Vulnerability Version: 2.4 Date: 17/08/2012 Author: DaOne LCA Software Link: http://www.yourarcadescript.com Google Dork: intext:"Powered by YourArcadeScript 2.4" Exploit http://localhost/index.php?act=cat&id=Error Based Injection thanks to : All LibyanCA...

0.4 AI score
Exploits: 0

0day.today
added 2011/08/16 12:0 a.m. | 98 views

Elgg 1.8 beta2 SQL Injection

Exploit for php platform in category web applications Elgg 1.8 beta2 and prior to 1.7.11 'containerguid' and 'ownerguid' SQL Injection Vendor URL: http://www.elgg.org/ Advisore: http://lostmon.blogspot.com/2011/08/elgg-18-beta2-and-prior-to-1711.html Vendor notify: YES exploit available: YES...

7.1 AI score
Exploits: 0