319 matches found
📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panels PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call...
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25458
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25458
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...
CVE-2019-25458 Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...
CVE-2019-25458
CVE-2019-25458 affects Web Ofisi Firma Rehberi v1, where an SQL injection flaw allows unauthenticated users to manipulate database queries via GET parameters. Specifically, malicious payloads placed in the il, kat, or kelime parameters can extract sensitive data or enable time-based blind SQL inj...
CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25443
Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...
Inventory Webapp SQL注入漏洞
Inventory Webapp is a browser-based inventory management system developed by Inventory Company. The Inventory Webapp has a SQL injection vulnerability, which stems from SQL injections in GET parameters. This vulnerability could allow unverified attackers to manipulate database queries...
PT-2026-21446
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak durumu, emlak tipi, il, ilce, kelime, and semt to extract sensiti...
PT-2026-21433
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat id parameters to add-item.php to execu...
PT-2026-21445
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...
Web Ofisi Emlak SQL注入漏洞
Web Ofisi Emlak is a real estate agency website system developed by the Turkish company Web Ofisi. The Web Ofisi Emlak V2 version has a SQL injection vulnerability, which stems from insufficient validation of multiple GET parameter inputs. This vulnerability may lead to SQL injection attacks...