MTN Group: SQLi | in URL paths

The vulnerability summary is as follows: A SQL injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a quote in the customerId parameter, which resulted in an error indicating that the application was vulnerable to SQL...

C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection

Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...

Exploit for Cross-site Scripting in Dandulaney Dan\'S_Embedder_For_Google_Calendar

CVE-2023-51504 This is a dockerized reproduction of the MotoCM...

uListing < 2.0.4 - Unauthenticated SQL Injection

An Unauthenticated SQL Injection vulnerability was discovered in the plugin. Vulnerable parameters: custom. SQL Injection types: Error-based, Boolean-based Blind, Time-based Blind. PoC 1 | Unauthenticated SQL Injection | Tables: sqlmap...

服务接口存在sql注射漏洞，泄漏全国渠道和用户信息

简要描述： 服务接口存在sql注射漏洞，泄漏全国渠道和用户信息 详细说明： 1、访问http://t.ufida.com.cn/，发现存在大量的开放接口，对其中的GetVerSionJSON进行测试，发现存在sql注射漏洞。 2、注入的请求内容如下： POST /Service.asmx HTTP/1.1 Host: t.ufida.com.cn Content-Type: text/xml; charset=utf-8 Content-Length: length SOAPAction: "http://tempuri.org/GetVerSionJSON" u8 执行 sqlmap ...

Videos Tube 1.0 - Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Videos Tube SQL Injection and Remote Code Execution Google Dork: inurl:"single.php?url=" video Date: 05.05.2014 Exploit Author: Mustafa ALTINKAYNAK Vendor Homepage: http://www.phpscriptlerim.com Software Link:...