20 matches found
CVE-2021-47966
The CVE concerns PHP Timeclock 1.04, where the login_userid parameter in login.php is vulnerable to time-based and boolean-based blind SQL injection. unauthenticated attackers can submit crafted POST requests with SQL payloads (e.g., SLEEP functions or RLIKE conditions) to dump database contents,...
PT-2026-41345
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
EUVD-2019-20079
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672
PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...
CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
GHSA-VXG3-V4P6-F3FP Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
The filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Affected code in models/Dependency/Dao.php: - getFilterRequiresByPath lines 90, 95, 100 -...
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
The filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Affected code in models/Dependency/Dao.php: - getFilterRequiresByPath lines 90, 95, 100 -...
CVE-2026-27461
Summary : Pimcore pre-12.3.3 exposes a SQL-like injection in the dependency listing filter. In versions up to 11.5.14.1 and 12.3.2, the filter query parameter is JSON-decoded and the value is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Impact : With adm...
CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
PT-2026-21658
Name of the Vulnerable Software and Affected Versions Pimcore versions up to and including 11.5.14.1 Pimcore versions up to and including 12.3.2 Description Pimcore is an Open Source Data & Experience Management Platform. The filter query parameter in the dependency listing endpoints is processed...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 SQL Injection
Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link: https://github.com/waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON.git Version: 1.21 Tested on:...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link: https://github.com/waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON.git Version: 1.21 Tested on:...
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=©=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
KeyBase Botnet 1.5 - SQL Injection
Exploit Title: KeyBase Botnet v1.5 - SQL Injection Vulnerability Google Dork: intitle:"KeyBase: Login" + intext:" Login to get access to your logs " Date: 3/12/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: v1.5 Tested on: Windows 10, debian 7 CVE : n/a...
WebOfisi E-Ticaret V4 - urun SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...
Itech Multi Vendor Script 6.49 SQL Injection
Exploit Title: Itech Multi Vendor Script 6.49 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/multi-vendor-shopping-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application...