CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

PT-2026-32175

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegroup total parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...

SQL Injection in the "Users" function of Piwigo

Description Authenticated admin can perform an SQL injection attack by abusing the "Users" function. Proof of Concept - Log in as an admin and access the 'Users' function. - Observe the request on Burp suite POST /piwigo/ws.php?format=json&method=pwg.users.getList. - Manipulate the 'order' or...

Ticketly 1.0 - kind_id SQL Injection

Ticketly 1.0 - kindid SQL Injection Exploit Title: Ticketly 1.0 – Multiple SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...

Advance Loan Management System - 'id' SQL Injection

Exploit Title: Advance Loan Management System - 'id' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/advance-loan-management-system-with-savings-system-and-sms-notification/21283070 Version: 1.0 Tested on:...

Uploadr - Project Files Management /download at SQL injection

Uploadr - Project Files Management /download at the presence of SQL injection Injection point: http://download.lagunaproperty.com/download?file=SQL error-based payload: /download? file=1%' AND SELECT 2IFSELECT FROM SELECT CONCATmd5233,0x716a767a71,SELECT ELT4943=4943,1,0x7176716b71,0x78s,...