216733 matches found
CVE-2019-25509 XooDigital Lastest Latest SQL Injection via results.php
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25508 Jettweb Php Hazir Ilan Sitesi Scripti V2 SQL Injection via katgetir.php
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...
CVE-2019-25508
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...
CVE-2019-25508 Jettweb Php Hazir Ilan Sitesi Scripti V2 SQL Injection via katgetir.php
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...
CVE-2019-25508
CVE-2019-25508 describes an SQL injection in the Jettweb Php Hazir Ilan Sitesi Scripti V2. The vulnerability arises from unsafely handling the GET parameter “kat” in the /katgetir.php endpoint, allowing unauthenticated attackers to manipulate queries and potentially exfiltrate database informatio...
CVE-2019-25488 Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...
CVE-2019-25488
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...
CVE-2019-25488 Jettweb Hazir Rent A Car Scripti V4 SQL Injection via admin
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...
CVE-2019-25488
CVE-2019-25488 relates to Jettweb Hazir Rent A Car Scripti V4, where the admin panel is vulnerable to multiple SQL injection flaws. The weaknesses allow unauthenticated attackers to manipulate database queries via GET parameters in admin/index.php, specifically the tur , id , and ozellikdil input...
CVE-2019-25482 Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...
CVE-2019-25482 Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...
CVE-2019-25482
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...
CVE-2019-25481
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...
CVE-2019-25479 Inout RealEstate Lastest SQL Injection via agentlistdetails
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...
CVE-2019-25481
CVE-2019-25481 affects iScripts ReserveLogic. An SQL injection vulnerability exists in the jqSearchDestination parameter, allowing unauthenticated attackers to manipulate database queries by sending crafted POST requests to the search endpoint and potentially exfiltrate sensitive data. The issue ...
CVE-2019-25481 iScripts ReserveLogic Lastest SQL Injection via search endpoint
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...
CVE-2019-25479
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...
CVE-2019-25479
Inout RealEstate contains an SQL injection vulnerability exploitable by unauthenticated attackers via the city parameter in a POST to agents/agentlistdetails. The issue allows manipulation of database queries and extraction of sensitive data, with the vulnerability assessed as high (CVSS 3.1: 8.2...
CVE-2019-25479 Inout RealEstate Lastest SQL Injection via agentlistdetails
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...
CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...