216526 matches found
CVE-2018-25205 ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
CVE-2018-25204
The CVE-2018-25204 entry describes an SQL injection in Library CMS 1.0 where unauthenticated attackers can bypass authentication by injecting SQL into the username field of the admin login. The vulnerability stems from improper handling of the username input, allowing boolean-based blind SQL payl...
CVE-2018-25203 Online Store System CMS 1.0 SQL Injection via clientaccess
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...
CVE-2018-25203
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...
CVE-2018-25203 Online Store System CMS 1.0 SQL Injection via clientaccess
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...
CVE-2018-25203
CVE-2018-25203 affects Online Store System CMS 1.0. The vulnerability is an SQL injection in the email field of index.php when action=clientaccess is supplied, allowing unauthenticated attackers to influence database queries and extract sensitive information via boolean-based blind or time-based ...
CVE-2018-25204 Library CMS 1.0 SQL Injection via admin login
Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username...
CVE-2018-25204
Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username...
CVE-2018-25202
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...
CVE-2018-25202 SAT CFDI 3.3 SQL Injection via signIn endpoint
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...
CVE-2018-25202 SAT CFDI 3.3 SQL Injection via signIn endpoint
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...
CVE-2018-25201
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
CVE-2018-25201
The CVE-2018-25201 entry concerns the School Management System CMS 1.0. The connected sources confirm an SQL injection vulnerability in the admin login, exploitable via the username parameter on the processlogin endpoint to bypass authentication and log in as an administrator without valid creden...
CVE-2018-25195 Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...
CVE-2018-25195
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...
CVE-2018-25185
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...
CVE-2018-25185
CVE-2018-25185 affects Wecodex Restaurant CMS 1.0. An SQL injection via the username parameter in the login endpoint permits unauthenticated attackers to manipulate queries and extract data using boolean-based or time-based blind techniques. Public references describe the vulnerability and show a...
CVE-2018-25195 Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...
CVE-2018-25185 Wecodex Restaurant CMS 1.0 SQL Injection via Login
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...
CVE-2018-25195
CVE-2018-25195 describes an SQL injection vulnerability in Wecodex Hotel CMS 1.0, specifically in the admin login functionality. The issue allows unauthenticated attackers to bypass authentication by injecting SQL code via the username parameter in POST requests to index.php?action=processlogin, ...