CVE-2023-24084

ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the loadfile function...

Senayan Library Management System 9.1.1 SQL Injection

Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Date: 11.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.1.1/slims9bulian-9.1.1.zip Reference:...

Senayan Library Management System 9.2.0 SQL Injection

Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Date: 12.19.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference:...

Multi-Language Hotel Management 2022 1.0 SQL Injection

Title: Multi-Language-Hotel-Management-2022 1.0 SQLi Author: nu11secur1ty Date: 08.03.2022 Vendor: https://www.nikhilbhalerao.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip Reference:...

Insurance Management System v1.0 SQL injection Vulnerability

Title: Insurance Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://itsourcecode.com/free-projects/php-project/php-projects-source-code-free-downloads/ Software: https://itsourcecode.com/free-projects/php-project/insurance-management-system-project-in-php-free-download/ Reference:...

Matrimony 1.0 SQL Injection

Title: Matrimony 1.0 SQLi Author: nu11secur1ty Date: 03.05.2022 Vendor: https://www.vetbossel.in/matrimony-project-php/ Software: https://cutt.ly/LOHzKd0, https://www.vetbossel.in/matrimony-project-php/ Reference:...

Air Cargo Management System 1.0 SQL Injection

Title: Air Cargo Management System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.18.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html CVE - Air Cargo Management Systemv1....

Simple Real Estate Portal System 1.0 SQL Injection

Title: Simple Real Estate Portal System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html Description: The id paramet...

CVE-2021-46451

An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the loadfile function...

CVE-2021-46451

An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the loadfile function...

CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and loadfile operations on a full pathname e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...

Directory traversal

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and loadfile operations on a full pathname e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...

Computer And Mobile Repair Shop Management 1.0 SQL Injection

Title: Computer and Mobile Repair Shop Management-1.0 SQL - Injections Author: nu11secur1ty Date: 12.28.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15108/computer-and-mobile-repair-shop-management-system-using-phpoop-free-source-code.html...

Computer And Mobile Repair Shop Management 1.0 SQL Injection Vulnerability

Title: Computer and Mobile Repair Shop Management-1.0 SQL - Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15108/computer-and-mobile-repair-shop-management-system-using-phpoop-free-source-code.html Description: The...

CVE-2021-44599

The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with...

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

CVE-2021-45253

The id parameter in viewstorage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted...

Sql injection

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

CVE-2021-45253

The id parameter in viewstorage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted...