Lucene search
K

11 matches found

Packet Storm
Packet Storm
added 2026/04/22 12:0 a.m.88 views

📄 esiclivre 0.2.2 SQL Injection

The password reset functionality in esiclivre is affected by multiple vulnerabilities. The cpfcnpj parameter is vulnerable to Blind SQL injection due to improper input handling. Additionally, the endpoint lacks CSRF protection, input validation, and rate limiting, enabling attackers to perform us...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.7 views

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

6.5CVSS5.9AI score0.00514EPSS
Exploits1References1
NVD
NVD
added 2026/03/24 3:16 p.m.5 views

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

6.5CVSS0.00514EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/24 12:0 a.m.20 views

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

0.00514EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/24 12:0 a.m.3 views

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

5.9AI score0.00514EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.6 views

PT-2026-27439

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

5.9AI score0.00514EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/03/24 12:0 a.m.123 views

📄 esiclivre 0.2.2 SQL Injection

esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 — SQL Injection in esiclivre password reset Summary A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...

6.5CVSS5.9AI score0.00514EPSS
Exploits1
CVE
CVE
added 2026/03/24 12:0 a.m.10 views

CVE-2026-30655

CVE-2026-30655 involves a SQL injection in esiclivre/esiclivre before or at version 0.2.2, specifically in Solicitante::resetaSenha() when handling the cpfcnpj parameter at POST /reset/index.php. The root cause is unsafely concatenating user input into an SQL query, permitting unauthenticated rem...

6.5CVSS5.9AI score0.00514EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2017/10/20 12:0 a.m.4 views

E-Sic Software livre CMS 'q' Parameter SQL Injection Vulnerability

E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit the vulnerability by sending the 'q' parameter to the file esiclivre/restrito/inc/lkpcep.php to execute arbitrary SQL commands...

9.8CVSS8.5AI score0.01706EPSS
Exploits1References1
Prion
Prion
added 2017/10/16 4:29 a.m.16 views

Sql injection

E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php aka the search private area...

7.5CVSS9.8AI score0.01706EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/10/16 4:29 a.m.5 views

CVE-2017-15373

E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php aka the search private area...

9.8CVSS5.8AI score0.01706EPSS
Exploits1References2
Rows per page
Query Builder