27 matches found
EUVD-2018-21628
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...
CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...
CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...
CVE-2018-25173
Rmedia SMS 1.0 contains an unauthenticated SQL injection via the gid parameter in editgrp.php. An attacker can issue crafted GET requests using EXTRACTVALUE and CONCAT to retrieve schema names and sensitive database data. The vulnerability’s CVSS scores indicate a high-risk impact (CVSS 3.1: 8.2;...
PT-2026-23685
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...
CVE-2019-25503
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...
CVE-2019-25503
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...
CVE-2019-25503 PHPads 2.0 SQL Injection via click.php3 bannerID
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...
CVE-2019-25366
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2019-25366
The CVE-2019-25366 issue affects microASP Portal+ CMS, where an SQL injection vulnerability exists in the explode_tree parameter. An unauthenticated attacker can send crafted requests to pagina.phtml to execute arbitrary SQL queries, using payloads with functions like extractvalue and concat to e...
OpenSTAManager has an SQL Injection in the Stampe Module
Vulnerability Details Location - File: modules/stampe/actions.php - Line: 26 - Vulnerable Code: php case 'update': if !emptyintvalpost'predefined' && !emptypost'module' $dbo-query'UPDATE zzprints SET predefined = 0 WHERE idmodule = '.post'module'; // ↑ Direct concatenation without prepare...
CVE-2024-58309
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
CVE-2024-58309
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
CVE-2024-58309
This entry details an unauthenticated SQL injection in xbtitFM 4.1.18 via the msgid parameter in /shoutedit.php. The vulnerability uses functions like EXTRACTVALUE to leak database names, user credentials, and password hashes, with network attack potential and high impact on confidentiality, inte...
PT-2025-50761
Name of the Vulnerable Software and Affected Versions xbtitFM version 4.1.18 Description The software contains an unauthenticated SQL injection issue. Remote attackers can manipulate database queries by injecting malicious SQL code through the msgid parameter. Crafted requests sent to the...
Twitter-Clone 1 SQL Injection
Exploit Title: Twitter-Clone 1 - 'code' SQL Injection Date: 2018-08-22 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 vulnerable files : mailactivation.php , stalkers.php , search.php vulnerable parameters : name , code , id...
NodAPS 4.0 - SQL injection Cross-Site Request Forgery
NodAPS 4.0 - SQL injection Cross-Site Request Forgery Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...
PHIMS - Hospital Management Information System - Password SQL Injection
PHIMS - Hospital Management Information System - Password SQL Injection Exploit Title: PHIMS - Hospital Management Information System - 'Password' SQL Injection Dork: N/A Date: 2018-02-16 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Joomla! Component Recipe Manager 2.2 - id SQL Injection
Joomla! Component Recipe Manager 2.2 - id SQL Injection Exploit Title: Joomla! Component Recipe Manager v2.2 - SQL Injection Google Dork: inurl:index.php?option=comrecipe Date: 02.03.2017 Vendor Homepage: http://joomla6teen.com/ Software:...