216526 matches found
CVE-2018-25201
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
CVE-2018-25185
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...
CVE-2018-25183
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...
CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
CVE-2018-25210
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
CVE-2018-25210
WebOfisi E-Ticaret 4.0 is affected by an SQL injection in the 'urun' GET parameter of the vulnerable endpoint. The issue allows unauthenticated attackers to manipulate backend queries using SQL payloads through the 'urun' parameter, enabling boolean-based blind, error-based, time-based blind, and...
CVE-2018-25209
OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract...
CVE-2018-25209
OpenBiz Cubi Lite 3.0.8 contains a SQL injection in the login form. An unauthenticated attacker can submit POST requests to /bin/controller.php with malicious SQL in the username field to manipulate queries, potentially extract sensitive database information or bypass authentication. The CVE is d...
CVE-2018-25208 qdPM 9.1 SQL Injection via filter_by Parameters
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...
CVE-2018-25208
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filterby parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filterbyCommentCreatedFrom and...
CVE-2018-25208
CVE-2018-25208 affects qdPM 9.1. It describes an SQL injection vulnerability in the timeReport endpoint where unauthenticated attackers can craft requests with filter_by[CommentCreatedFrom] and filter_by[CommentCreatedTo] to execute arbitrary SQL and retrieve data. The vulnerability is tied to th...
CVE-2018-25207
Online Quiz Maker 1.0 is affected by SQL injection in the catid and usern parameters. The issue allows authenticated attackers to submit crafted SQL payloads via POST requests to quiz-system.php or add-category.php, potentially extracting sensitive data or bypassing authentication. The vulnerabil...
CVE-2018-25207 Online Quiz Maker 1.0 SQL Injection via catid Parameter
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to...
CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25206
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25206
KomSeo Cart 1.3 contains an SQL injection in edit.php via the my_item_search parameter. Attackers can submit POST payloads to perform boolean-based blind or error-based injections to extract sensitive database information. The vulnerability has high impact on confidentiality (C) and low impact on...
CVE-2018-25207 Online Quiz Maker 1.0 SQL Injection via catid Parameter
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to...
CVE-2018-25205
CVE-2018-25205 concerns ASP.NET jVideo Kit 1.0, where a vulnerability in the search functionality allows unauthenticated SQL injection via the query parameter in the /search endpoint. Attackers can submit malicious payloads through GET or POST requests to extract sensitive database information us...
CVE-2018-25205
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...