
16 matches found

NVD
added 5 days ago, 15 views

CVE-2018-25418

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8 CVSS, 0.00068 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/05/27 12:0 a.m., 30 views

CVE-2026-38930

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...

0.00058 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/27 12:0 a.m., 6 views

OpenRapid RapidCMS Security Vulnerability

OpenRapid RapidCMS is a fast, simple, and useful CMS system developed under the OpenRapid open-source framework. Version 1.3.1 of OpenRapid RapidCMS contains a security vulnerability. This vulnerability stems from a flaw in the /template/default/menu.php component, where authentication bypasses a...

6.5 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits: 0, References: 4
CVE
added 2026/05/27 12:0 a.m., 8 views

CVE-2026-38930

OpenRapid RapidCMS v1.3.1 has an authentication bypass in /template/default/menu.php. The issue arises from injecting a crafted SQL payload into the name cookie parameter, enabling bypass of authentication. Documentation indicates a network-level vector with low confidentiality/integrity impact (...

6.5 CVSS, 5.9 AI score, 0.00058 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/05/27 12:0 a.m., 2 views

CVE-2026-38930

OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...

5.9 AI score, 0.00058 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/05/16 3:26 p.m., 6 views

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

7.1 CVSS, 5.9 AI score, 0.00029 EPSS
Exploits: 0, References: 4
NVD
added 2026/03/06 1:15 p.m., 3 views

CVE-2018-25172

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

8.8 CVSS, 0.00123 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/03/04 5:15 p.m., 24 views

CVE-2019-25498 Simple Job Script SQL Injection via searched Endpoint

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landinglocation parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticatio...

8.8 CVSS, 0.00263 EPSS
Exploits: 1, References: 2
Huntr
added 2023/07/14 12:40 p.m., 21 views

SQL injection in Data Objects function

Description: Log in as an admin, go to the Data Objects function, and perform a sort action. Observe the request in Burp Suite; the injection point is the 'sort' parameter. Proof of Concept: POC request that makes the application sleep for 5 seconds. Data Objects function payload:...

5.8 CVSS, 7.2 AI score, 0.41187 EPSS
Exploits: 1
CNVD
added 2022/06/09 12:0 a.m., 14 views

MV Informática IDCE MV SQL Injection Vulnerability

MV Informática IDCE MV is a health management software from the Brazilian company MV Informática. MV Informática IDCE MV version 1.0 contains a SQL injection vulnerability that stems from a SQL injection issue in the user field of the login page. An attacker could exploit the vulnerability to...

7.5 CVSS, 1.5 AI score, 0.00328 EPSS
Exploits: 1, References: 1
Exploit DB
added 2020/12/17 12:0 a.m., 181 views

Victor CMS 1.0 - Multiple SQL Injection (Authenticated)

Exploit Title: Victor CMS 1.0 - Multiple SQL Injection Authenticated Date: 17.12.2020 Exploit Author: Furkan Göksel Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Description: The Victor CMS v1.0...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2020/01/14 12:0 a.m., 35 views

VMware Harbor 1.7.x, 1.8.x < 1.8.6 / 1.9.x < 1.9.3

The version of VMware Harbor installed on the remote host is 1.7.x or 1.8.x prior to 1.8.6 or 1.9.x prior to 1.9.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A privilege escalation vulnerability that allows an authenticated, normal user to gain administrative...

8.8 CVSS, 6.8 AI score, 0.00423 EPSS
Exploits: 0, References: 10
Hacker One
added 2019/11/21 12:27 a.m., 34 views

Evernote: Non-production Open Database In Combination With XXE Leads To SSRF

Summary: The Apache Hive database hosted on the IP ██████████ and open on port 10000 is open and vulnerable to XXE. By "open", I mean that the database can be accessed by anyone. Steps To Reproduce: Choose any database client that supports Apache Hive and also uses a specific client version...

7.3 AI score
Exploits: 0
Exploit DB
added 2018/05/22 12:0 a.m., 46 views

PaulPrinting CMS Printing 1.0 - SQL Injection

Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...

7.4 AI score
Exploits: 0
exploitpack
added 2015/07/13 12:0 a.m., 14 views

FreiChat 9.6 - SQL Injection

FreiChat 9.6 - SQL Injection / Exploit Title: FreiChat 9.6 SQL Injection Date: 27-11-2014 Software Link: http://codologic.com/page/freichat-free-php-chat-script-software Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1...

Exploits: 0
seebug.org
added 2014/10/10 12:0 a.m., 32 views

phpok: SQL injection combined with CSRF

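Brief description: Parameters are not filtered. Details: In projectcontrol.php function sortf $sort = $GET"sort"; if!$sort || !isarray$sort jsonexit"更新排序失败"; foreach$sort AS $key=$value $this-model'project'-updatetaxis$key,$value; jsonexit"更新排序成功",true; As can be seen, the system does not go through its own self-written get function but receives the variable directly with $GET, so the injection arises...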

7.1 AI score
Exploits: 0