446 matches found
Exploit for CVE-2024-12270
CVE-2024-12270 Beautiful Taxonomy Filters = 5.1 AND string err...
Microsoft SQL Server SQL Injection SUSER_SNAME Windows Domain Account Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration', 'Description' = %q This module can be used to bruteforce RIDs associate...
Joomla com_contenthistory Error-Based SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla com_contenthistory Error-Based SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in Joomla versions 3.2...
Exploit for CVE-2024-39211
CVE-2024-39211 Kaiten User Enumeration Kaitenhttps://kait...
CVE-2024-3552
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based...
CVE-2024-3552
CVE-2024-3552 affects the Web Directory Free WordPress plugin prior to 1.7.0. An unauthenticated AJAX action uses an unsanitised parameter in a SQL statement, enabling SQL injection via UNION, time-based, and error-based techniques, potentially compromising the database. The nuclei template confi...
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. PoC curl --url...
Chat Bot 1.0 SQL Injection
Titles: Chat Bot - PHP by: oretnom23 v1.0 Multiple SQLi Author: nu11secur1ty Date: 05/22/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...
Stock Management System 1.0 SQL Injection
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...
Stock Management System v1.0 - Unauthenticated SQL Injection Exploit
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html Software Link:...
Stock Management System v1.0 - Unauthenticated SQL Injection
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...
Computer Laboratory Management System v1.0 - Multiple-SQLi
Title: Computer Laboratory Management System v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 03/28/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400 Reference:...
CVE-2023-26367 Error based file extraction via PHP filter chains during product bulk import logic
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue do...
Taskhub CRM Tool 2.8.6 - SQL Injection Vulnerability
Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...
SQL Injection
Description GLPI 10.0.8 and are affected by an SQL injection on the page ajax/dashboard.php Proof of Concept I can provide you the POC written in python3.5 or higher. Just provide me a way to send it to you. Tested under the following environment: - Ubuntu 20.04 - GLPI 10.0.8 and 10.0.7 - Mysql...
CVE-2023-34735
Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection...
SQL Injection in the "Users" function of Piwigo
Description Authenticated admin can perform an SQL injection attack by abusing the "Users" function. Proof of Concept - Log in as an admin and access the 'Users' function. - Observe the request on Burp suite POST /piwigo/ws.php?format=json&method=pwg.users.getList. - Manipulate the 'order' or...
PHPJabbers Simple CMS 5.0 SQL Injection
Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...
PHPJabbers Simple CMS 5.0 - SQL Injection Vulnerability
Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...