83 matches found
Astra Linux - vulnerability in ruby-nokogiri
A command injection vulnerability exists in Nokogiri v1.10.3 and earlier. This vulnerability allows commands to be executed in a subprocess via Ruby’s Kernel.open method. Processes become vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is called with unsafe user input ...
GaatiTrack 1.0 SQL Injection
GaatiTrack version 1.0 suffers from multiple remote SQL injection vulnerabilities. Metasploit module included. Titles: GaatiTrack-1.0 Copyright©2025-Multiple-SQLi - Metasploit module Author: nu11secur1ty Date: 10/06/2025 Vendor: https://www.mayurik.com/ Software:...
Rupee Invoice 1.0 SQL Injection
Rupee Invoice version 1.0 suffers from a remote SQL injection vulnerability. Titles: RUPEE-INVOICE-1.0-Multiple-SQLi Author: nu11secur1ty Date: 09/09/2025 Vendor: https://www.mayurik.com/ Software:...
BarbarBaba 1.0 SQL Injection
BarbarBaba version 1.0 suffers from a remote SQL injection vulnerability. Titles: BarbarBaba-1.0 Copyright©2025-Multiple-SQLi Author: nu11secur1ty Date: 07/21/2025 Vendor: https://www.mayurik.com/ Software:...
CVE-2023-24084
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function...
CVE-2021-45255
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...
Joomla weblinks-categories Unauthenticated SQL Injection / Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read', 'Description' = %q Joomla versions 3.2.2 and below are vulnerable ...
ROS-20240626-12
A vulnerability in the Sphinx search engine is related to a path traversal error. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to the protected information using the CALL SNIPPETS statement or the load_file function...
Tenant Limited 1.0 SQL Injection
Titles: TENANT-LIMITED-1.0 SQLi Author: nu11secur1ty Date: 05/20/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter...
Computer Laboratory Management System v1.0 - Multiple-SQLi
Title: Computer Laboratory Management System v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 03/28/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.htmlcomment-104400 Reference:...
101 News 1.0 - Multiple-SQLi
Title: 101 News-1.0 Multiple-SQLi Author: nu11secur1ty Date: 09/16/2023 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The searchtitle...
CVE-2023-47636 Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file within a SQL Injection query to view the page...
Online Diagnostic Lab Management 1.0 SQL Injection Vulnerability
Title: Online-Diagnostic-Lab-Management v1.0 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.youtube.com/watch?v=0nA5xfQ5G0g Vendor: https://www.youtube.com/@MayuriK Software:...
ChiKoi v1.0 - SQL Injection
Title: ChiKoi-1.0 SQLi Author: nu11secur1ty Date: 01.12.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi Description: The...
Purchase Order Management 1.0 SQL Injection Vulnerability
Title: Purchase Order Management-1.0 - SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...
SUSE CVE-2020-29050
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname, e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...
SQL injection
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function...
CVE-2023-24084
CVE-2023-24084 relates to ChiKoi v1.0, which is reported to have a SQL injection vulnerability via the load_file function. The consolidated data show a critical impact (CVSS v3.1: 9.8, CHI/I/H, NETWORK attack, no user interaction required) and indicate the vulnerability affects ChiKoi v1.0 as des...