11 matches found
📄 esiclivre 0.2.2 SQL Injection
The password reset functionality in esiclivre is affected by multiple vulnerabilities. The cpfcnpj parameter is vulnerable to Blind SQL injection due to improper input handling. Additionally, the endpoint lacks CSRF protection, input validation, and rate limiting, enabling attackers to perform us...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
PT-2026-27439
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
📄 esiclivre 0.2.2 SQL Injection
esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 — SQL Injection in esiclivre password reset Summary A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...
CVE-2026-30655
CVE-2026-30655 involves a SQL injection in esiclivre/esiclivre before or at version 0.2.2, specifically in Solicitante::resetaSenha() when handling the cpfcnpj parameter at POST /reset/index.php. The root cause is unsafely concatenating user input into an SQL query, permitting unauthenticated rem...
E-Sic Software livre CMS 'q' Parameter SQL Injection Vulnerability
E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit the vulnerability by sending the 'q' parameter to the file esiclivre/restrito/inc/lkpcep.php to execute arbitrary SQL commands...
Sql injection
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php aka the search private area...
CVE-2017-15373
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php aka the search private area...