Lucene search
K

216728 matches found

NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25526

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

9.1CVSS0.00346EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25530

uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the systempage GET parameter. Attackers can send crafted requests to index.php with malicious systempage values using time-based blind SQ...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/03/12 4:16 p.m.1 views

CVE-2019-25528

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL...

9.1CVSS0.00401EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS0.00284EPSS
Exploits0References4
NVD
NVD
added 2026/03/12 4:16 p.m.2 views

CVE-2019-25524

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

9.1CVSS0.00393EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25521

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

9.1CVSS0.00287EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25522

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

9.1CVSS0.00358EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.7 views

CVE-2019-25523

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

9.1CVSS0.00393EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25518

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...

8.8CVSS0.0036EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25519

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...

8.8CVSS0.00265EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25520

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

9.8CVSS0.00432EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25510

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

9.8CVSS0.00538EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25511

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...

8.8CVSS0.00369EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25513

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind...

9.8CVSS0.00564EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25514

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

9.8CVSS0.00512EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25482

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...

8.8CVSS0.00367EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.2 views

CVE-2019-25488

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...

9.8CVSS0.00411EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:37 p.m.2 views

CVE-2019-25543

Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 3:37 p.m.4 views

CVE-2019-25543 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php

Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2
CVE
CVE
added 2026/03/12 3:37 p.m.9 views

CVE-2019-25543

Netartmedia Real Estate Portal 5.0 contains an unauthenticated SQL injection in the page parameter (via index.php) that allows attackers to manipulate queries, potentially bypass authentication and access or modify data. The vulnerability affects the server-side SQL handling of the page field. CV...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder