216673 matches found
CVE-2019-25576
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25578
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...
CVE-2019-25573
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2019-25581
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
CVE-2019-25581 i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
CVE-2019-25580
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...
CVE-2019-25580
CVE-2019-25580 concerns ownDMS 4.7, where an SQL injection exists in the IMG parameter. The vulnerability enables unauthenticated attackers to send crafted SQL payloads via GET requests to pdfstream.php, imagestream.php, or anyfilestream.php to extract sensitive DB information (e.g., version, dat...
CVE-2019-25578 phpTransformer 2016.9 SQL Injection via GeneratePDF.php
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...
CVE-2019-25578
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...
CVE-2019-25578
This CVE affects phpTransformer 2016.9. The SQL injection vulnerability occurs in GeneratePDF.php via the idnews parameter, allowing remote attackers to craft GET requests that execute arbitrary SQL, potentially exposing sensitive data or manipulating queries. Root cause: improper handling of use...
CVE-2019-25576 Kepler Wallpaper Script 1.1 SQL Injection via category
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25576
CVE-2019-25576 affects Kepler Wallpaper Script 1.1 and is described as an SQL injection in the category parameter. An unauthenticated attacker can send GET requests with URL-encoded SQL UNION statements to retrieve data such as usernames, database names, and MySQL version details. The connected s...
CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
CVE-2019-25575
CVE-2019-25575 affects SimplePress CMS 1.0.7. The vulnerability is an SQL injection in the web app that permits unauthenticated attackers to craft GET requests via the p and s parameters to execute arbitrary SQL. Impact per sources includes extraction of sensitive data such as usernames, database...
CVE-2019-25573
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2019-25573
CVE-2019-25573 concerns Green CMS 2.x, where an SQL injection vulnerability exists in the cat parameter. The flaw can be exploited by an authenticated attacker who sends a GET request to index.php with m=admin, c=posts, a=index and injects SQL code through the cat parameter, enabling manipulation...
CVE-2019-25573 Green CMS 2.x SQL Injection via cat Parameter
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
EUVD-2026-14246
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...
CVE-2026-4513
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...