443 matches found
CVE-2025-50972
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
Easy Hosting Control Panel 20.04.1.b SQL Injection
Easy Hosting Control Panel version 20.04.1.b suffers from a remote SQL injection vulnerability in the listdomains function via the arananalan POST parameter. Title: Easy Hosting Control Panel EHCP 20.04.1.b - SQL Injection in the listdomains function via the arananalan POST parameter Description:...
Lost and Found Information System 1.0 SQL Injection
Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability. This particular version was already known to be susceptible to such attacks in 2023 but appears to have other vectors of exploitability for the same issue. Titles: Lost and Found Information System-1....
Exploit for CVE-2025-10351
CVE-2025-10351 POC - SQL Injection Exploit 💉 POC for CVE-20...
CVE-2023-34735
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection...
CVE-2020-25362
The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...
CVE-2019-19986
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP POST or GET parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based this...
CVE-2017-14600
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $GET'delblack', resulting in Information Disclosure...
Kyaan 1.0 SQL Injection
Kyaan version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: kyaan - Multiple Vulnerabilities Date: March 27, 2025 Exploit Author: wa03 Telegram: @wa03 Vendor Homepage: https://kyaan.co Version: 1.0 Tested on: Windows local xampp DBMS: MySQL CVE: N/A Google Dork:...
HEXAGreen CMS SQL Injection Vulnerability
Title: HEXAGreen CMS - Authenticated SQLi Description: HEXAGreen CMS authenticated error-based sql injection Source URL: http://ezcode.pt/tests/hexagreen/admin/ Source Name/Email: Mehmet Can Kadıoğlu a.k.a mao7un CVEs: N/A Software URL: https://www.codester.com/items/36507/hexagreen-website-cms...
HEXAGreen CMS SQL Injection
HEXAGreen CMS suffers from a remote SQL injection vulnerability. This software does not offer any version associated with it. Title: HEXAGreen CMS - Authenticated SQLi Description: HEXAGreen CMS authenticated error-based sql injection Source URL: http://ezcode.pt/tests/hexagreen/admin/ Source...
U.S. Dept Of Defense: Error-based blind SQL injection
An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...
Exploit for SQL Injection in Eniture Ltl_Freight_Quotes
CVE-2024-13481 LTL Freight Quotes – R+L Carriers Edition = 5.6...
Exploit for SQL Injection in Eniture Ltl_Freight_Quotes
CVE-2024-13479 LTL Freight Quotes – SEFL Edition = 5.6 AND err...
Exploit for SQL Injection in Eniture Ltl_Freight_Quotes
CVE-2024-13483 LTL Freight Quotes – SAIA Edition = 5.6 AND err...
Exploit for SQL Injection in Eniture Ltl_Freight_Quotes
CVE-2024-13485 LTL Freight Quotes – ABF Freight Edition = 5.6...
Exploit for SQL Injection in Enituretechnology Ltl_Freight_Quotes
CVE-2024-13488 LTL Freight Quotes – Estes Edition = 5.6 AND er...
Exploit for CVE-2024-12270
CVE-2024-12270 Beautiful Taxonomy Filters = 5.1 AND string err...
Microsoft SQL Server SQL Injection SUSER_SNAME Windows Domain Account Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associate...
Joomla com_contenthistory Error-Based SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla com_contenthistory Error-Based SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in Joomla versions 3.2...