
62 matches found

RedhatCVE
added 2026/01/09 10:56 a.m. · 2 views

CVE-2022-38922

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...

9.8 CVSS · 9.3 AI score · 0.00875 EPSS
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-41469

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00875 EPSS
Exploits: 2 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-41470

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00875 EPSS
Exploits: 2 · References: 3

NVD
added 2023/04/03 3:15 p.m. · 10 views

CVE-2022-38922

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...

9.8 CVSS · 9.6 AI score · 0.00875 EPSS
Exploits: 1 · References: 3

OSV
added 2023/04/03 3:15 p.m. · 3 views

CVE-2022-38922

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...

9.8 CVSS · 5.8 AI score · 0.00875 EPSS
Exploits: 2 · References: 3

Prion
added 2023/04/03 3:15 p.m. · 19 views

Design/Logic Flaw

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...

7.5 CVSS · 9.5 AI score · 0.00875 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

Prion
added 2023/04/03 3:15 p.m. · 13 views

Code injection

BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...

7.5 CVSS · 9.5 AI score · 0.00875 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

CVE
added 2023/04/03 12:0 a.m. · 53 views

CVE-2022-38922

BluePage CMS up to version 3.9 is affected by an SQL injection in the processing of HTTP header cookie values, via the 'users-cookie-settings' token, allowing time-based blind exploitation (SLEEP). The issue arises from insufficient sanitization of the cookie header; Red Hat and NVD entries corro...

9.8 CVSS · 9.4 AI score · 0.00875 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2023/04/03 12:0 a.m. · 48 views

CVE-2022-38923

BluePage CMS (3.9 and earlier) contains SQL injection vulnerabilities due to insufficient sanitization of HTTP header fields. CVE-2022-38923 affects the User-Agent header, enabling MySQL Injection with a time-based blind payload on network access without authentication; CVE-2022-38922 (Red Hat / ...

9.8 CVSS · 9.4 AI score · 0.00875 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/04/03 12:0 a.m. · 14 views

CVE-2022-38922

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...

9.8 AI score · 0.00875 EPSS
Exploits: 2 · References: 3

Cvelist
added 2023/04/03 12:0 a.m. · 12 views

CVE-2022-38923

BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...

9.8 AI score · 0.00875 EPSS
Exploits: 1 · References: 3

Vulnrichment
added 2023/04/03 12:0 a.m. · 6 views

CVE-2022-38923

BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload...

7.2 AI score · 0.00875 EPSS
Exploits: 1 · References: 3

Vulnrichment
added 2023/04/03 12:0 a.m. · 5 views

CVE-2022-38922

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...

9.6 AI score · 0.00875 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/04/03 12:0 a.m. · 3 views

PT-2023-13663 · Unknown · Bluepage Cms

Name of the Vulnerable Software and Affected Versions: BluePage CMS versions 3.9 and earlier Description: The issue allows MySQL Injection in the users-cookie-settings token using a Time-based blind SLEEP payload due to insufficient sanitization of the HTTP Header Cookie value. Recommendations: F...

9.8 CVSS · 9.3 AI score · 0.00875 EPSS
Exploits: 2 · References: 6

OSV
added 2022/05/17 3:7 a.m. · 26 views

GHSA-WQJJ-HX84-V449 Django Vulnerable to MySQL Injection

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

9.8 CVSS · 6.4 AI score · 0.03963 EPSS
Exploits: 0 · References: 12

Packet Storm
added 2020/04/30 12:0 a.m. · 91 views

ChemInv 1 Cross Site Scripting

Exploit Title: ChemInv - Authenticated Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-29 Software Link: https://github.com/tmorrell/cheminv Software Info: "Cheminv is a web-based chemical inventory system. This responsive database provides an accessible way to organize...

7.4 AI score
Exploits: 0

PyPA
added 2020/04/20 10:15 p.m. · 4 views

PYSEC-2020-144

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, startswith, or endswith filters and their case-insensitive...

8.8 CVSS · 8.1 AI score · 0.00245 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

0day.today
added 2020/02/07 12:0 a.m. · 79 views

VehicleWorkshop 1.0 - (bookingid) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: VehicleWorkshop 1.0 - 'bookingid' SQL Injection Exploit Author: Mehran Feizi Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...

7.1 AI score
Exploits: 0

wpexploit
added 2015/04/28 12:0 a.m. · 19 views

rtMedia for WordPress, BuddyPress & bbPress 3.7.39 - SQL Injection

When initialized, the rtMedia will include and instantiate certain classes if BuddyPress is installed. One of these classes is RTMediaActivityUpgrade, contained within the file ‘app/importers/RTMediaActivityUpgrade.php’. This class is instantiated in the file ‘admin/RTMediaAdmin.php,’ line 110, i...

1.3 AI score
Exploits: 0 · References: 1

WPVulnDB
added 2015/01/01 4:42 p.m. · 22 views

Cart66 Lite <= 1.5.3 - SQL Injection

The QSA named ‘q’ for the ‘promotionProductSearch’ AJAX call is not being sanitized, which allows for MySQL injection utilizing a UNION. The user must be logged in for this to be applicable. The output is JSON encoded, however is a pure representation of the data returned from a MySQL query...

6.5 CVSS · 1.7 AI score · 0.00438 EPSS
Exploits: 1 · References: 1 · Affected Software: 1