Lucene search
K

1239 matches found

Nuclei
Nuclei
added yesterday55 views

BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack...

6.5CVSS6.5AI score0.12051EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday64 views

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. id: CVE-2023-34755 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was discovered to...

9.8CVSS7.1AI score0.04228EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday96 views

SupportCandy < 3.1.5 - Unauthenticated SQL Injection

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. id: CVE-2023-1730 info: name: SupportCandy 3.1.5 - Unauthenticated SQL Injection author:...

9.8CVSS7.1AI score0.40586EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday34 views

PHPJabbers Food Delivery Script - SQL Injection

PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...

9.8CVSS7AI score0.02904EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday75 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2023-1020 info: name: Steveas WP Live Chat Shoutbox = 1.4.2 - SQL...

9.8CVSS7.1AI score0.0499EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday65 views

1Panel SQL Injection - Authenticated

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...

9.8CVSS7.1AI score0.29396EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday103 views

ZoneMinder - SQL Injection

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. id: CVE-2024-43360 info: name: ZoneMinder - SQL Injection author: s4e-io severity: critical...

9.8CVSS7AI score0.06222EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday55 views

DedeCMS 5.7 - SQL Injection

DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. id: CVE-2017-17731 info: name: DedeCMS 5.7 - SQL Injection author: j4vaovo severity: critical description: | DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. impact: |...

9.8CVSS7AI score0.13194EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday101 views

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edddownloadsearch action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.11172EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday54 views

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. id: CVE-2023-34753 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was...

9.8CVSS7.1AI score0.04228EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday55 views

Bank Locker Management System v1.0 - SQL Injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. id: CVE-2023-0562 info:...

9.8CVSS6.7AI score0.44268EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday87 views

PrestaShop Theme Volty CMS Blog - SQL Injection

In the module 'Theme Volty CMS Blog' tvcmsblog up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-39650 info: name: PrestaShop Theme Volty CMS Blog - SQL Injection author: mastercho severity: critical description: | In the...

9.8CVSS7AI score0.03631EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday90 views

PrestaShop PireosPay - SQL Injection

In the module “PireosPay” pireospay up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-45375 info: name: PrestaShop PireosPay - SQL Injection author: MaStErChO severity: high description: | In the module “PireosPay”...

8.8CVSS7AI score0.38457EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday192 views

PrestaShop AdvancedPopupCreator - SQL Injection

In the module “Advanced Popup Creator” advancedpopupcreator from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-27032 info: name: PrestaShop AdvancedPopupCreator - SQL Injection author: MaStErChO severity: critical description: | In the module...

9.8CVSS7AI score0.0304EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday146 views

Dolibarr ERP CMS `list.php` - SQL Injection

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. id: CVE-2024-5315 info: name: Dolibarr ERP CMS list.php - SQL Injection author: rootxharsh,iamnoooob,pdresearch severity: critical description: | Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0....

9.1CVSS7.1AI score0.32872EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday32 views

IPS Community Suite - Unauthenticated SQL Injection

IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database. id: CVE-2024-30163 info: name: IPS Community Suite - Unauthenticated SQL Injection author:...

9.8CVSS7AI score0.08676EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday52 views

bloofoxCMS v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. id: CVE-2023-34752 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was...

9.8CVSS7.1AI score0.04383EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday60 views

Bloofox v0.5.2.1 - SQL Injection

Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. id: CVE-2023-34756 info: name: Bloofox v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | Bloofox v0.5.2.1 was...

9.8CVSS7.1AI score0.04228EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday122 views

WBCE 1.6.0 - SQL Injection

There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajaxdeletemessage.php" there is no authentication check. On line 40...

9.8CVSS7AI score0.06096EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday43 views

Old Age Home Management System v1.0 - SQL Injection

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. id: CVE-2023-33338 info: name: Old Age Home Management System v1.0 - SQL Injection author: Harsh severity: critical description: | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username...

9.8CVSS7.1AI score0.03662EPSS
Exploits1References2
Rows per page
Query Builder