EUVD-2018-21628

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2018-25173

Rmedia SMS 1.0 contains an unauthenticated SQL injection via the gid parameter in editgrp.php. An attacker can issue crafted GET requests using EXTRACTVALUE and CONCAT to retrieve schema names and sensitive database data. The vulnerability’s CVSS scores indicate a high-risk impact (CVSS 3.1: 8.2;...

PT-2026-23685

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2019-25503

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...

CVE-2024-58309

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...

PT-2025-50761

Name of the Vulnerable Software and Affected Versions xbtitFM version 4.1.18 Description The software contains an unauthenticated SQL injection issue. Remote attackers can manipulate database queries by injecting malicious SQL code through the msgid parameter. Crafted requests sent to the...

PHPback 'orderby' parameter SQL injection vulnerability

PHPback is an open source web application feedback system that provides users with feedback on issues and suggestions to help improve the site. A SQL injection vulnerability exists in PHPback version 1.3.0. An attacker can exploit the vulnerability by constructing a SQL statement containing the...

Oracle database XXE injection vulnerabilities(CVE-2 0 1 4-6 5 7 7)analysis-vulnerability warning-the black bar safety net

In this article, we will jointly analyze the Oracle database XXE injection vulnerabilitiesCVE-2 0 1 4-6 5 7 7, Oracle Corporation 1 month 2 0 day was released for the vulnerability related to the patch. About XXE relevant knowledge, you can view the security pulse of the station within other...