15 matches found
EUVD-2022-25611
Malicious code in bioql PyPI...
CVE-2025-6915
A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sql injection. The attack may be launched remotely. The...
CVE-2023-33278
In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...
CVE-2025-46547
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue...
CVE-2023-23315
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method stripejsValidationModuleFrontController::initContent has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
PT-2022-24579
Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.1.1. Description: The issue is related to SQL Injection via the author parameter. This allows for potential exploitation. Recommendations: For AeroCMS version 0.1.1, consider restricting access to the author parameter to minimiz...
Negin Group CMS - (v) Multiple Web Vulnerabilities
Document Title: Negin Group CMS - v Multiple Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1831 ; Release Date: 2016-04-24; Vulnerability Laboratory ID (VL-ID): 1831; Comm...
phpMyDirectory.com 1.3.3 - SQL Injection
No description provided by source...
The Mole - Automatic SQL Injection Exploitation Tool
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server,...
uPhotoGallery (v 1.1) SQL Injection
Aria-Security Team Advisory; www.Aria-security.Com (for English), www.Aria-Security.net (for Persian); Software: uPhotoGallery 1.1; Method: SQL injection; PoC: http://target/slideshow.asp?imgid=290&ci=SQL Injection...
JGS-Portal 3.0.1 - 'ID' SQL Injection
source: https://www.securityfocus.com/bid/13451/info JGS-Portal is prone to an SQL injection. This issue may potentially be exploited to compromise the software or gain unauthorized access to the database. The consequences of exploitation will depend on the nature of the vulnerable SQL query and...
eGroupWare 1.0 - '/sitemgr-site/index.php?category_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13212/info eGroupWare is prone to multiple input validation vulnerabilities. A fixed version is available. The issues arise due to a failure of the application to properly validate user-supplied input. These issues result in cross-site scripting and SQL...
OneWorldStore - OWAddItem.asp SQL Injection
source: https://www.securityfocus.com/bid/13181/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
DCP-Portal 6.1.1 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/12573/info DCP-Portal is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries...
[Full-Disclosure] Serendipity 0.7-beta1 SQL Injection PoC
Serendipity 0.7-beta1 SQL Injection Proof of Concept By aCiDBiTS [email protected] 13-September-2004 "Serendipity http://www.s9y.org/ is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source BSD License." There is no user input sanitation for...