12 matches found
EUVD-2020-30097
Malware in sbrugna...
CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nomcreateur= substring...
PT-2024-38366 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version v1.4.2 Description: A SQL injection vulnerability exists in the "/api/v1/external-users" route. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The...
GHSA-5GRX-V727-QMQ6 1Panel has an SQL injection issue related to the orderBy clause
Summary: There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows. Details (one of them): PoC: curl 'http://api:30455/api/v1/hosts/command/search'...
1Panel has an SQL injection issue related to the orderBy clause
Summary: There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows. Details (one of them): PoC: curl 'http://api:30455/api/v1/hosts/command/search'...
1Panel has an SQL injection issue related to the orderBy clause
There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows...
CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nomcreateur&by= substring...
CVE-2020-9268
SOPlanning 1.45 is vulnerable to SQL Injection in the ORDER BY clause (projets.php?order=nom_createur&by= substring). Root cause: unsafe concatenation/handling of ORDER BY inputs enabling attacker-controlled data. Impact: information disclosure demonstrated in public reports; CVSS/metrics indicat...
CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nomcreateur&by= substring...
CVE-2020-9268
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nomcreateur&by= substring. Recent assessments: J3rryBl4nks at March 09, 2020 9:11pm UTC reported: This SQL Injection is trivial to identify and exploit: This injection will allow you to...
SOPlanning 1.45 - (by) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SOPlanning 1.45 - 'by' SQL Injection Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali...
SOPlanning 1.45 - 'by' SQL Injection
Exploit Title: SOPlanning 1.45 - 'by' SQL Injection Date: 2020-02-14 Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali Rolling The SOPlanning application i...