sqlmap-gui

SQLMAP GUI — Manual de Usuario Versión: 1.0.0 Platafo...

Dork2Sqlmap

Dork2Sqlmap A lightweight tool that let...

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

QuerySniper

🎯 QuerySniper - Advanced Vulnerability Research Toolkit Query...

CVE-2025-50983

Readarr 0.4.15.2787 exposes a SQL Injection in the sortKey parameter of GET /api/v1/wanted/cutoff. The endpoint fails to sanitize user input, enabling arbitrary SQL execution against the backend SQLite DB. Exploitation was confirmed with sqlmap via stacked queries; a heavy query using SQLite RAND...

Linux Distros Unpatched Vulnerability : CVE-2020-9547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...

VulnCheck KEV: CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

Feng Office 3.11.1.2 - SQL Injection

Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2024-57278

A reflected Cross-Site Scripting XSS vulnerability exists in /webscan/sqlmap/index.html in QingScan =v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL...

PHPJabbers Cinema Booking System 2.0 SQL Injection Vulnerability

CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database...

MTN Group: SQLi | in URL paths

The vulnerability summary is as follows: A SQL injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a quote in the customerId parameter, which resulted in an error indicating that the application was vulnerable to SQL...

SmartAgent 1.1.0 SQL Injection Vulnerability

Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection SQLi Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can inject SQL queries through a POST request to the vulnerable...

SmartAgent 1.1.0 SQL Injection

Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection SQLi Date: 01-10-2024 Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can inject SQL queries through a POST request ...

Restaurant POS 1.0 SQL Injection

============================================================================================================================================= | Title : Restaurant POS v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bi...

C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection

Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...

Webpay E-Commerce 1.0 SQL Injection

============================================================================================================================================= | Title : Webpay E-Commerce v1.0 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

Exploit for CVE-2024-44541

CVE-2024-44541: SQL Injection Vulnerability in Inventio Lite v...

Dolphin 7.4.2 Blind SQL Injection Vulnerability

Exploit Title: Blind SQL Injection - dolphinv7.4.2. Date: 8/2024 Exploit Author: Andrey Stoykov Version: 7.4.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/07/friday-fun-pentest-series-8-dolphinv742.html SQL Injection: Steps to Reproduce: 1. Navigate to "Builders" menu 2. Th...

Dolphin 7.4.2 Blind SQL Injection

Exploit Title: Blind SQL Injection - dolphinv7.4.2. Date: 8/2024 Exploit Author: Andrey Stoykov Version: 7.4.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/07/friday-fun-pentest-series-8-dolphinv742.html SQL Injection: Steps to Reproduce: 1. Navigate to "Builders" menu 2. Th...