443 matches found
sqli
SQL Injection Write-up 🧪 1. Průzkum Do vyhledávacího pole...
EUVD-2018-21679
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
EUVD-2018-21671
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25210
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
CVE-2018-25205
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
CVE-2018-25206
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25210
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
CVE-2018-25210
WebOfisi E-Ticaret 4.0 is affected by an SQL injection in the 'urun' GET parameter of the vulnerable endpoint. The issue allows unauthenticated attackers to manipulate backend queries using SQL payloads through the 'urun' parameter, enabling boolean-based blind, error-based, time-based blind, and...
CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25206
KomSeo Cart 1.3 contains an SQL injection in edit.php via the my_item_search parameter. Attackers can submit POST payloads to perform boolean-based blind or error-based injections to extract sensitive database information. The vulnerability has high impact on confidentiality (C) and low impact on...
CVE-2018-25206
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25205
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
PT-2026-28243
Name of the Vulnerable Software and Affected Versions KomSeo Cart version 1.3 Description An SQL injection flaw allows attackers to inject SQL commands via the my item search parameter in the 'edit.php' endpoint. By submitting POST requests with malicious payloads, attackers can extract sensitive...
PT-2026-28242
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
EUVD-2019-20010
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profilelist endpoint. Attackers can inject SQL code via the upcast, smother, and sreligion parameters to extract sensitive database information usi...
CVE-2019-25635 Zeeways Matrimony CMS Lastest SQL Injection via profile_list
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profilelist endpoint. Attackers can inject SQL code via the upcast, smother, and sreligion parameters to extract sensitive database information usi...
CVE-2019-25635
Zeeways Matrimony CMS is affected by SQL injection vulnerabilities in the profile_list endpoint, exploitable by unauthenticated attackers via the up_cast, s_mother, and s_religion parameters to manipulate database queries and exfiltrate data using time-based or error-based techniques. The CVE-201...