Lucene search
K

216730 matches found

CVE
CVE
added 2026/03/12 3:36 p.m.13 views

CVE-2019-25527

CVE-2019-25527 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the numguest parameter, exploitable by sending crafted POST requests to the /search/searchdetailed endpoint. It is described as allowing unauthenticated attackers to manipulate queries, potentia...

9.1CVSS5.9AI score0.00409EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.26 views

CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

8.8CVSS0.00346EPSS
Exploits1References2
CVE
CVE
added 2026/03/12 3:36 p.m.8 views

CVE-2019-25526

Inout EasyRooms Ultimate Edition v1.0 is vulnerable to SQL injection via the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract data or modify database contents. No remediation or fixed version is specified in the prov...

9.1CVSS5.9AI score0.00346EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25525

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00409EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.24 views

CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...

8.8CVSS0.00409EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References2
CVE
CVE
added 2026/03/12 3:36 p.m.9 views

CVE-2019-25524

CVE-2019-25524 affects XooGallery Latest and is caused by an SQL injection in the p parameter to results.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially bypassing authentication, extracting sensitive data, or modifying data. Exploitation details...

9.1CVSS5.9AI score0.00393EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25523

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References2
CVE
CVE
added 2026/03/12 3:36 p.m.10 views

CVE-2019-25523

CVE-2019-25523 affects XooGallery Latest. The issue is an SQL injection in the cat_id parameter passed to cat.php, allowing unauthenticated attackers to influence database queries (bypass auth, extract/modify data) via GET requests. Root cause is unsanitized user input in SQL queries. The connect...

9.1CVSS5.9AI score0.00393EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

8.8CVSS5.9AI score0.00358EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.26 views

CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

8.8CVSS0.00358EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

8.8CVSS5.9AI score0.00287EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25521

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

8.8CVSS5.9AI score0.00287EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.24 views

CVE-2019-25520 Jettweb PHP Hazir Haber Sitesi Scripti V1 Authentication Bypass

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

8.8CVSS0.00432EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25520

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

8.8CVSS5.8AI score0.00432EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25519 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...

8.8CVSS6AI score0.00265EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.1 views

CVE-2019-25518

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...

8.8CVSS5.9AI score0.0036EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.22 views

CVE-2019-25517 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via haberarsiv.php

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...

8.8CVSS0.00451EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.0 views

CVE-2019-25518 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via arama.php

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...

8.8CVSS5.9AI score0.0036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.1 views

CVE-2019-25516

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using...

8.8CVSS5.9AI score0.00439EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder