742 matches found
CVE-2026-8659
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...
EUVD-2026-39152
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...
CVE-2026-8659
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...
CVE-2026-8659
CVE-2026-8659 describes an OS Command Injection in the Rapid7 InsightConnect SQLmap Plugin on Linux. The issue arises from insufficient input validation in connection configuration, allowing an authenticated attacker to execute arbitrary OS commands via the api_host or api_port parameters. The NV...
CVE-2026-8659 OS Command Injection in Rapid7 InsightConnect SQLmap Plugin
OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the apihost or apiport parameters during connection configuration due to insufficient input validation...
sqlmap-gui
SQLMAP GUI — Manual de Usuario Versión: 1.0.0 Platafo...
Dork2Sqlmap
Dork2Sqlmap A lightweight tool that let...
CVE-2021-47872
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...
QuerySniper
🎯 QuerySniper - Advanced Vulnerability Research Toolkit Query...
CVE-2025-50983
Readarr 0.4.15.2787 exposes a SQL Injection in the sortKey parameter of GET /api/v1/wanted/cutoff. The endpoint fails to sanitize user input, enabling arbitrary SQL execution against the backend SQLite DB. Exploitation was confirmed with sqlmap via stacked queries; a heavy query using SQLite RAND...
Linux Distros Unpatched Vulnerability : CVE-2020-9547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...
VulnCheck KEV: CVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...
Feng Office 3.11.1.2 - SQL Injection
Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...
jackson-databind: Serialization gadgets in ibatis-sqlmap
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2024-57278
A reflected Cross-Site Scripting XSS vulnerability exists in /webscan/sqlmap/index.html in QingScan =v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL...
PHPJabbers Cinema Booking System 2.0 SQL Injection Vulnerability
CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database...
MTN Group: SQLi | in URL paths
The vulnerability summary is as follows: A SQL injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a quote in the customerId parameter, which resulted in an error indicating that the application was vulnerable to SQL...
SmartAgent 1.1.0 SQL Injection Vulnerability
Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection SQLi Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can inject SQL queries through a POST request to the vulnerable...
SmartAgent 1.1.0 SQL Injection
Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection SQLi Date: 01-10-2024 Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can inject SQL queries through a POST request ...
Restaurant POS 1.0 SQL Injection
============================================================================================================================================= | Title : Restaurant POS v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bi...