Human Resources Management System - Multiple SQL injection Vulnerability
A blind SQL injection vulnerability in the login page /hrm/controller/login.php of Human Resources Management System allows remote unauthenticated attackers to execute arbitrary SQL commands through the "name" parameter. Request PoC POST /hrm/controller/login.php HTTP/1.1 Host:...
U.S. Department of State: Time Based SQL Injection
A time-based SQL injection vulnerability was identified on a website that uses the WordPress CMS. The vulnerability was found in the search function of the website, where a measurable delay in the search response could be induced. The vulnerability allowed an attacker to inject malicious code and potentially access th...
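Both the WordPress search report above and the DoD /olc/setlogin.php report further down confirm injection by timing alone. The decision logic below is an added example, not code from either report: it shows how to confirm a time-based blind injection without being fooled by an endpoint that is merely slow for odd input. The three endpoint functions are constructed stand-ins that return a simulated latency in seconds instead of making HTTP requests; the SLEEP(n) payload form and the assumed baseline latency are assumptions.

```python
import re
import statistics
from typing import Callable

# Matches MySQL SLEEP(n) with an integer or decimal argument (assumed payload form).
SLEEP_RE = re.compile(r"\bSLEEP\(\s*(\d+(?:\.\d+)?)\s*\)", re.IGNORECASE)

BASE_LATENCY_S = 0.02  # constructed: normal server response time in seconds


def vulnerable_search(term: str) -> float:
    """Constructed stand-in for an injectable search endpoint.

    Returns the simulated response time. The term is imagined to land
    unescaped inside a WHERE clause, so a SLEEP(n) in it costs n seconds.
    """
    m = SLEEP_RE.search(term)
    return BASE_LATENCY_S + (float(m.group(1)) if m else 0.0)


def hardened_search(term: str) -> float:
    """Stand-in for the fixed endpoint: the term is bound as a parameter, so
    SLEEP(...) is just text compared against titles and costs nothing."""
    return BASE_LATENCY_S


def slow_on_quote_search(term: str) -> float:
    """Stand-in for a decoy: any term containing a quote hits a slow error
    path. A single-probe test would wrongly call this endpoint injectable."""
    return BASE_LATENCY_S + (4.0 if "'" in term else 0.0)


def median_latency(endpoint: Callable[[str], float], term: str, samples: int) -> float:
    """Median over several requests so one slow response cannot decide the result."""
    return statistics.median(endpoint(term) for _ in range(samples))


def confirm_time_based(
    endpoint: Callable[[str], float],
    base_term: str,
    delay_s: float = 3.0,
    samples: int = 5,
    tolerance: float = 0.7,
) -> bool:
    """Return True only if SLEEP() itself is what delays the response.

    Three probes are compared by median latency:
      baseline - the unmodified term
      control  - identical injection syntax with SLEEP(0); if this is already
                 slow, the delay comes from the odd input, not from SLEEP
      payload  - SLEEP(delay_s)
    The payload must be delayed by at least tolerance * delay_s and the
    control must not be.
    """
    baseline = median_latency(endpoint, base_term, samples)
    control = median_latency(endpoint, f"{base_term}' AND SLEEP(0)-- -", samples)
    payload = median_latency(endpoint, f"{base_term}' AND SLEEP({delay_s:g})-- -", samples)
    threshold = tolerance * delay_s
    return (payload - baseline) >= threshold and (control - baseline) < threshold


if __name__ == "__main__":
    for name, ep in [("vulnerable", vulnerable_search),
                     ("hardened", hardened_search),
                     ("slow on quote", slow_on_quote_search)]:
        print(f"{name:14s} injectable={confirm_time_based(ep, 'test')}")
```

Against a real target the endpoint function would time an HTTP request; keep `delay_s` well above network jitter and take enough samples that the median is stable, otherwise the control probe is the only thing standing between you and a false positive.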
Build App Online < 1.0.19 - Unauthenticated SQL Injection
The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Additional plugins required: https://wordpress.org/plugins/wc-multivendor-marketplace/...
U.S. Dept Of Defense: Sql Injection At █████████
Description: Hi Security Team, I hope you are doing well. SQL injection is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. 1: Visit this endpoint https://█████/ As you can see, this website is using Asp.n...
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection Vulnerability
Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...
TranslatePress Multilingual < 2.3.3 - Admin+ SQLi
The plugin is vulnerable to an authenticated SQL injection. By adding a new language via the settings page whose name contains specific special characters, the backtick-quoted identifier in the SQL query can be broken out of and a time-based blind payload injected. To exploit the vulnerability, someone must send a...
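The advisory above describes an identifier injection rather than the usual string-literal one: the attacker-controlled language code ends up inside a backtick-quoted table or column name. The example below is added here and is not TranslatePress code; the table naming scheme `trp_dictionary_en_us_<code>`, the language-code format and the sample payload are all assumptions. It models the break-out as MySQL would parse it, then shows why escaping alone is not enough and validation is the real control (identifiers cannot be bound as prepared-statement parameters).

```python
import re

# Allow-list for language codes such as "de", "de_de" or "pt_br" (assumed format).
LANG_CODE_RE = re.compile(r"^[a-z]{2,3}(?:_[a-z]{2,4})?$", re.IGNORECASE)
TABLE_PREFIX = "trp_dictionary_en_us_"   # hypothetical per-language table prefix
PAYLOAD = "x` WHERE SLEEP(5)-- -"        # constructed language "code" for the demo


def vulnerable_query(lang_code: str) -> str:
    """The pattern the advisory describes: a per-language table name built by
    concatenation. Backticks quote the identifier but do nothing against an
    input that itself contains a backtick."""
    return f"SELECT original, translated FROM `{TABLE_PREFIX}{lang_code}` WHERE id = 1"


def escape_identifier(name: str) -> str:
    """MySQL identifier quoting: a literal backtick inside a quoted identifier
    is written as two backticks."""
    return "`" + name.replace("`", "``") + "`"


def escaped_only_query(lang_code: str) -> str:
    """Escaping keeps the payload inside the identifier, so no injected SQL
    runs, but the resulting table name is nonsense; validation is still needed."""
    return f"SELECT original, translated FROM {escape_identifier(TABLE_PREFIX + lang_code)} WHERE id = 1"


def hardened_query(lang_code: str) -> str:
    """Allow-list first, escape second."""
    if not LANG_CODE_RE.match(lang_code):
        raise ValueError(f"rejected language code: {lang_code!r}")
    return escaped_only_query(lang_code)


def is_accepted(lang_code: str) -> bool:
    try:
        hardened_query(lang_code)
        return True
    except ValueError:
        return False


def parse_table_identifier(query: str):
    """Return (identifier, rest_of_query) for the backtick-quoted name after
    FROM, applying MySQL's rule that `` inside quotes is one literal backtick.
    This is the server's view of where the identifier ends."""
    i = query.index("FROM `") + len("FROM `")
    name = []
    while i < len(query):
        ch = query[i]
        if ch == "`":
            if query[i + 1:i + 2] == "`":   # escaped backtick, still inside the name
                name.append("`")
                i += 2
                continue
            return "".join(name), query[i + 1:]
        name.append(ch)
        i += 1
    raise ValueError("unterminated identifier")


def injected_sql(query: str) -> str:
    """Text that follows the identifier but was not part of the template.
    Empty string means the input stayed inside the identifier."""
    _, rest = parse_table_identifier(query)
    suffix = " WHERE id = 1"
    return rest[: -len(suffix)] if rest.endswith(suffix) else rest


if __name__ == "__main__":
    print("vulnerable  :", vulnerable_query(PAYLOAD))
    print("  injected  :", repr(injected_sql(vulnerable_query(PAYLOAD))))
    print("escaped only:", escaped_only_query(PAYLOAD))
    print("  injected  :", repr(injected_sql(escaped_only_query(PAYLOAD))))
    print("hardened    :", "accepted" if is_accepted(PAYLOAD) else "rejected")
    print("hardened ok :", hardened_query("de_de"))
```

In the vulnerable form the trailing `-- -` of the payload comments out the template's own `` ` WHERE id = 1``, which is why the server sees a syntactically valid query with the attacker's WHERE clause; in the escaped form the same bytes are just an odd table name that fails to resolve.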
U.S. Dept Of Defense: SQL injection at [https://█████████] [HtUS]
Hello, Summary: while doing a test on www.███ I've found that the endpoint at /olc/███comments/commentpost.php is vulnerable to SQL injection. Vulnerable parameters - staffstudent. POC - using sqlmap, run the command python3 sqlmap.py --level=5 --risk=3 --tamper=space2comment...
U.S. Dept Of Defense: time based SQL injection at [https://███] [HtUS]
Hello, Summary: while doing a test on www.█████ I've found that the endpoint at /olc/setlogin.php is vulnerable to SQL injection. Vulnerable parameters - username - password. POC - using a time-based payload to verify, submit the request below: POST /olc/setlogin.php HTTP/1.1 Host: www.█████...
U.S. Dept Of Defense: SQL injection at [█████████] [HtUS]
Hello, Summary: while doing a test on █████ I've found that the endpoint at /olc/set/m101/leasib.php is vulnerable to SQL injection. Vulnerable parameters - scn - SUBJECT - COURSEID. POC 1. using sqlmap, run the command python3 sqlmap.py --level=5 --risk=3 --tamper=space2comment...
OpenCart 3.x So Filter Shop By SQL Injection
Exploit Title: OpenCart v3.x So Filter Shop By - Blind SQL Injection Date: 28/06/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://codecanyon.net/item/so-filter-shop-by-responsive-opencart-module/13945633 Version: V3.X Tested on: XAMPP, Linux...
Ingredient Stock Management System 1.0 SQL Injection
Exploit Title: Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection Date: 28/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html...
Blockchain FiatExchanger 2.2.1 SQL Injection Vulnerability
Information Vulnerability Name : Remote Blind SQL Injections in Inout Blockchain FiatExchanger Product : Inout Blockchain FiatExchanger version : 2.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/ Exploit Detail :...
Blockchain AltExchanger 1.2.1 SQL Injection Vulnerability
Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...
OpenCart v3.x Newsletter Module - Blind SQLi
Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi Date: 19/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=32750&filtermember=Zemez Version: v.3.0.2.0 Tested on...
Online Discussion Forum Site 1.0 SQL Injection
Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection Date: 15/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html Version: 1.0...
T-Soft E-Commerce 4 - SQLi (Authenticated)
Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Date: 18.02.2022 Description Step-1: Login as Admin or...
Royal Event Management System 1.0 SQL Injection
Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection Authenticated Date: 2022-26-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software Link:...