6 matches found
10WebMapBuilder < 1.0.73 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Note: /2022/12/29/map/ is the page/post where the GoogleMapsWD is embedded. POST /2022/12/29/map/ HTTP/1.1 Content-Type:...
Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection
The plugin does not sanitise and escape the postid parameter before using it in a SQL statement via a REST route of the plugin accessible to any authenticated user, leading to a SQL injection. As any authenticated user, such as a subscriber. To get the nonce: /wp-admin/admin-ajax.php?action=rest-nonc...
Side Menu Lite < 2.2.1 - Authenticated SQL Injection
The plugin does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...
TimeClock Software 1.01 SQL Injection
!/usr/bin/python3 Exploit Title: TimeClock Software 1.01 Authenticated Time-Based SQL Injection Date: July 21, 2020 Exploit Author: François Bibeau Co Author: Tyler Butler, http://tbutler.org, https://twitter.com/tbutler0x90 Vendor Homepage: http://timeclock-software.net/ Software Link:...
Itech B2B Script 4.28 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Itech B2B Script v4.28 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/b2b-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.c...
Streamo Online Radio And TV Streaming CMS - SQL Injection
Streamo Online Radio And TV Streaming CMS - SQL Injection Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage :...