PT-2026-46200

Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

CVE-2024-58276

CVE-2024-58276 concerns Obi08/Enrollment System 1.0. A SQL injection vulnerability exists in the keyword parameter of /get_subject.php, allowing unauthenticated attackers to execute arbitrary SQL queries. The impact includes potential extraction of sensitive data from the users table (e.g., usern...

WordPress Symposium Plugin SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Symposium Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in the WP Symposium plugin befor...

Keeper Security Desktop 16.10.2 / Browser Extension 16.5.4 Password Dumper

Exploit Title: Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Google Dork: NA Date: 22-07-2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.keepersecurity.com/enGB/ Software Link: https://www.keepersecurity.com/enGB/get-keeper.html Version: Desktop App...

Directory traversal

ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code...