Lucene search
K

319 matches found

Packet Storm
Packet Storm
added 2026/03/02 12:0 a.m.137 views

📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panels PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect"/" call...

9.8CVSS6.5AI score0.06996EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/02/23 7:25 p.m.5 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS5.7AI score0.00433EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/23 7:25 p.m.5 views

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS5.7AI score0.00479EPSS
Exploits1References1
NVD
NVD
added 2026/02/22 3:16 p.m.6 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS0.00433EPSS
Exploits1References3
NVD
NVD
added 2026/02/22 3:16 p.m.8 views

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS0.00479EPSS
Exploits1References3
OSV
OSV
added 2026/02/22 3:16 p.m.5 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS5.9AI score0.00433EPSS
Exploits1References3
NVD
NVD
added 2026/02/22 2:16 p.m.6 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/22 2:12 p.m.24 views

CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS0.00433EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/22 2:12 p.m.3 views

CVE-2019-25459

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

8.8CVSS6AI score0.00433EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/22 2:12 p.m.2 views

CVE-2019-25458 Web Ofisi Firma Rehberi v1 SQL Injection via firmalar.html

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS5.7AI score0.00479EPSS
Exploits1References3
CVE
CVE
added 2026/02/22 2:12 p.m.18 views

CVE-2019-25458

CVE-2019-25458 affects Web Ofisi Firma Rehberi v1, where an SQL injection flaw allows unauthenticated users to manipulate database queries via GET parameters. Specifically, malicious payloads placed in the il, kat, or kelime parameters can extract sensitive data or enable time-based blind SQL inj...

9.8CVSS6AI score0.00479EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/22 1:18 p.m.26 views

CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/22 1:18 p.m.5 views

CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS6.2AI score0.00232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/22 1:18 p.m.5 views

CVE-2019-25443

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

8.8CVSS6.3AI score0.00232EPSS
Exploits0References2
CVE
CVE
added 2026/02/22 1:18 p.m.13 views

CVE-2019-25443

Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...

8.8CVSS6.3AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.8 views

Inventory Webapp SQL注入漏洞

Inventory Webapp is a browser-based inventory management system developed by Inventory Company. The Inventory Webapp has a SQL injection vulnerability, which stems from SQL injections in GET parameters. This vulnerability could allow unverified attackers to manipulate database queries...

8.8CVSS5.9AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.9 views

PT-2026-21446

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak durumu, emlak tipi, il, ilce, kelime, and semt to extract sensiti...

8.8CVSS5.9AI score0.00433EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.6 views

PT-2026-21433

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat id parameters to add-item.php to execu...

8.8CVSS6.3AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.4 views

PT-2026-21445

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

8.8CVSS5.9AI score0.00479EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.13 views

Web Ofisi Emlak SQL注入漏洞

Web Ofisi Emlak is a real estate agency website system developed by the Turkish company Web Ofisi. The Web Ofisi Emlak V2 version has a SQL injection vulnerability, which stems from insufficient validation of multiple GET parameter inputs. This vulnerability may lead to SQL injection attacks...

9.8CVSS5.8AI score0.00433EPSS
Exploits1References4
Rows per page
Query Builder