EUVD-2019-19827

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...

CVE-2019-25539

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...

CVE-2019-25538

202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...

CVE-2019-25539

CVE-2019-25539 affects 202CMS v10 beta. The vulnerability is a blind, time-based SQL injection in the log_user parameter via POST to index.php, exploitable by unauthenticated attackers to extract sensitive database information. Impact details from the entry indicate high confidentiality impact an...

CVE-2019-25538 202CMS v10 beta SQL Injection via log_user Parameter

202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...

CVE-2019-25538

The CVE-2019-25538 issue affects 202CMS v10 beta, where an SQL injection is possible through the log_user parameter. Unauthenticated attackers can inject SQL statements via that field to manipulate queries and potentially disclose or modify database contents. Root cause: improper handling of user...

202CMS SQL注入漏洞

202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...

CVE-2020-15892

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length...

202CMS v10beta - Multiple SQL Injection

=========================================================================================== Exploit Title: 202CMS - 'loguser' SQL Inj. Dork: N/A Date: 20-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/b202cms/ Software Link:...