
737 matches found

Packet Storm
added 2021/05/18 12:0 a.m., 209 views

EgavilanMedia PHPCRUD 1.0 SQL Injection

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection Date: 5/17/2021 Exploit Author: Dimitrios Mitakos Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Debian GNU/Linux ...

AI score: 1.2
Exploits: 0

Exploit DB
added 2021/05/18 12:0 a.m., 249 views

EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection Date: 5/17/2021 Exploit Author: Dimitrios Mitakos Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Debian GNU/Linux ...

AI score: 7.4
Exploits: 0

0day.today
added 2021/05/18 12:0 a.m., 24 views

EgavilanMedia PHPCRUD 1.0 - (First Name) SQL Injection Vulnerability

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection Exploit Author: Dimitrios Mitakos Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Debian GNU/Linux 10 Vulnerable...

AI score: 1.2
Exploits: 0

0day.today
added 2021/05/17 12:0 a.m., 26 views

Printable Staff ID Card Creator System 1.0 - SQL injection / RCE via Arbitrary File Upload

Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable Staff ID Card...

AI score: 1.3
Exploits: 0

Exploit DB
added 2021/05/17 12:0 a.m., 266 views

Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection

Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Date: 2021-05-16 Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/05/08 12:0 a.m., 208 views

PHP Timeclock 1.04 SQL Injection

Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Date: 03.05.2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Test...

AI score: 0.5
Exploits: 0

wpexploit
added 2021/04/26 12:0 a.m., 120 views

Goto < 2.1 - Unauthenticated Blind SQL Injection

The theme did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue. sqlmap --url="https://example.com/tour-list/?keywords=13&startdate=13" --random-agent -dbs --level=3 --threads=4...

CVSS: 9.8, AI score: 1.8, EPSS: 0.01021
Exploits: 2, References: 1

WPVulnDB
added 2021/04/26 12:0 a.m., 27 views

Goto < 2.1 - Unauthenticated Blind SQL Injection

The theme did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue. PoC: sqlmap --url="https://example.com/tour-list/?keywords=13date=13" --random-agent -dbs --level=3 --threads=4...

CVSS: 9.8, AI score: 0.5, EPSS: 0.01021
Exploits: 2, References: 1, Affected Software: 1

0day.today
added 2021/04/14 12:0 a.m., 54 views

CITSmart ITSM 9.1.2.27 - (query) Time-based Blind SQL Injection (Authenticated) Vulnerability

Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection Authenticated Google Dork: "citsmart.local" Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.28 Vendor has...

CVSS: 8.8, AI score: 0.6, EPSS: 0.04018
Exploits: 3

Packet Storm
added 2021/04/01 12:0 a.m., 393 views

School Registration And Fee System 1.0 SQL Injection

Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0 Tested O...

Exploits: 0

0day.today
added 2021/03/29 12:0 a.m., 28 views

Project Expense Monitoring System 1.0 SQL Injection Vulnerability

Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

AI score: 0.1
Exploits: 0

Packet Storm
added 2021/03/29 12:0 a.m., 308 views

Project Expense Monitoring System 1.0 SQL Injection

Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

AI score: 0.1
Exploits: 0

0day.today
added 2021/03/19 12:0 a.m., 23 views

Online News Portal 1.0 - (name) SQL Injection Vulnerability

Exploit Title: Online News Portal 1.0 - 'name' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

AI score: 0.2
Exploits: 0

GithubExploit
added 2021/03/18 12:22 a.m., 119 views

Exploit for SQL Injection in Icegram Email_Subscribers_&_Newsletters

CVE-2019-20361-EXPLOIT There was a flaw in the WordPress plugi...

CVSS: 9.8, AI score: 8.6, EPSS: 0.2812
Exploits: 7

0day.today
added 2021/03/18 12:0 a.m., 24 views

SEO Panel 4.8.0 - (order_col) Blind SQL Injection Vulnerability

Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: 4.8.0 Reference - https://github.com/seopanel/Seo-Panel/issues/209 Step 1 - Logi...

AI score: 0.3
Exploits: 0

wpexploit
added 2021/03/15 12:0 a.m., 104 views

Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct

The tutor_mark_answer_as_correct AJAX action from the plugin was vulnerable to blind and time based SQL injections that could be exploited by students. python3 sqlmap.py -r /tutortime.txt --dbms=mysql --technique=T -p answerid --dump Where tutortime.txt is POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

CVSS: 4, AI score: 1, EPSS: 0.00449
Exploits: 2, References: 1

wpexploit
added 2021/03/15 12:0 a.m., 111 views

Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question

The tutor_quiz_builder_get_answers_by_question AJAX action from the plugin was vulnerable to UNION based SQL injection that could be exploited by students. python3 sqlmap.py -r /tutorunion.txt --dbms=mysql --technique=U -p questionid --dump Where tutorunion.txt is POST /wp-admin/admin-ajax.php HTTP/1.1...

CVSS: 4, AI score: 1.2, EPSS: 0.07632
Exploits: 2, References: 1

0day.today
added 2021/03/15 12:0 a.m., 45 views

Zenario CMS 8.8.53370 - (id) Blind SQL Injection Vulnerability

Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 Reference -...

AI score: 0.2
Exploits: 0

Packet Storm
added 2021/03/04 12:0 a.m., 162 views

Online Ordering System 1.0 SQL Injection

Exploit Title: Online Ordering System 1.0 - Blind SQL Injection Unauthenticated Date: 2021-03-04 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: v1.0 Vulnerable...

Exploits: 0

Exploit DB
added 2021/03/04 12:0 a.m., 206 views

Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)

Exploit Title: Online Ordering System 1.0 - Blind SQL Injection Unauthenticated Date: 2021-03-04 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: v1.0 Vulnerable...

AI score: 7.4
Exploits: 0