216730 matches found
CVE-2019-25527
CVE-2019-25527 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the numguest parameter, exploitable by sending crafted POST requests to the /search/searchdetailed endpoint. It is described as allowing unauthenticated attackers to manipulate queries, potentia...
CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...
CVE-2019-25526
Inout EasyRooms Ultimate Edition v1.0 is vulnerable to SQL injection via the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract data or modify database contents. No remediation or fixed version is specified in the prov...
CVE-2019-25525
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...
CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524
CVE-2019-25524 affects XooGallery Latest and is caused by an SQL injection in the p parameter to results.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially bypassing authentication, extracting sensitive data, or modifying data. Exploitation details...
CVE-2019-25523
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...
CVE-2019-25523
CVE-2019-25523 affects XooGallery Latest. The issue is an SQL injection in the cat_id parameter passed to cat.php, allowing unauthenticated attackers to influence database queries (bypass auth, extract/modify data) via GET requests. Root cause is unsanitized user input in SQL queries. The connect...
CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...
CVE-2019-25521
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...
CVE-2019-25520 Jettweb PHP Hazir Haber Sitesi Scripti V1 Authentication Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...
CVE-2019-25520
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...
CVE-2019-25519 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...
CVE-2019-25518
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...
CVE-2019-25517 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via haberarsiv.php
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...
CVE-2019-25518 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via arama.php
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...
CVE-2019-25516
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using...