CVE-2025-50983

Readarr 0.4.15.2787 exposes a SQL Injection in the sortKey parameter of GET /api/v1/wanted/cutoff. The endpoint fails to sanitize user input, enabling arbitrary SQL execution against the backend SQLite DB. Exploitation was confirmed with sqlmap via stacked queries; a heavy query using SQLite RAND...

CVE-2025-50983

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...

AccPack Cop CMS 1.0 SQL Injection

============================================================================================================================================= | Title : AccPack Cop CMS v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

SQL Injection

Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the sort query parameter in the GetAllEvents function, allowing for SQL injection through stacked queries and the ATTACH DATABASE command...

SQL Injection

Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the order query parameter in the GetMeshSyncResourcesKinds function, allowing for SQL injection through stacked queries and the ATTACH DATABASE command...

UP-RESULT 0.1 2024 SQL Injection Vulnerability

Title: upresult0.1-2024 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference: https://portswigger.net/web-security/sql-injection...

UP-RESULT 0.1 2024 SQL Injection

Title: upresult0.1-2024 Multiple-SQLi Author: nu11secur1ty Date: 04/08/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...

SQL injection in SegmentAssignmentController.php

Description An administrator user can use the inheritableSegments feature to execute his own blind SQL queries. Proof of Concept The vulnerable php code is in src/Controller/Admin/SegmentAssignmentController.php, on method inheritableSegments: The parameter type is not escaped and is added on the...

WorkOrder CMS 0.1.0 - SQL Injection

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username...

WorkOrder CMS 0.1.0 - SQL Injection Vulnerability

Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='1...

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

CVE-2022-3059

The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...

PT-2022-20193 · Red Os · Red Os

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows for SQL injection, both authenticated and unauthenticated, through a vulnerable parameter. This parameter can be used to craft and inject complex SQL commands due t...

Online Reviewer System 2.4.0 SQL Injection

Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter appears of the Online Reviewer System 1.0 to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...

Build Smart ERP 21.0817 - (eidValue) SQL Injection Vulnerability

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 R2 or 8.1 &...

Build Smart ERP 21.0817 SQL Injection

Exploit Title: Build Smart ERP 21.0817 - 'eidValue' SQL Injection Unauthenticated Date: 24/10/2021 Exploit Author: Nehru Sethuraman Vendor Homepage: https://ribccs.com/solutions/solution-buildsmart Version: 21.0817 Build: 3 Google Dorks: intitle:buildsmart accounting Tested on: OS - Windows 2012 ...

Cacti 1.2.12 SQL Injection / Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/hashes/identify' class MetasploitModule 'Cacti color filter authenticated SQLi to RCE', 'Description' = %q This module exploits a SQL...

Cacti 1.2.12 SQL Injection / Remote Command Execution Exploit

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the pathphpbinary value is changed within the settings tab...

Fast PHP Chat 1.3 SQL Injection

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Date: 15/04/2021 Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows a...

Fast PHP Chat 1.3 - (my_item_search) SQL Injection Vulnerability

Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to...