CVE-2021-47966

The CVE concerns PHP Timeclock 1.04, where the login_userid parameter in login.php is vulnerable to time-based and boolean-based blind SQL injection. unauthenticated attackers can submit crafted POST requests with SQL payloads (e.g., SLEEP functions or RLIKE conditions) to dump database contents,...

PT-2026-41345

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVE-2019-25672

PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...