
86 matches found

0day.today
added 2021/04/21 12:0 a.m. | 35 views

Fast PHP Chat 1.3 - (my_item_search) SQL Injection Vulnerability

Exploit Title: Fast PHP Chat 1.3 - 'my_item_search' SQL Injection Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to...

0.2 AI score
Exploits: 0

Packet Storm
added 2021/03/29 12:0 a.m. | 309 views

Project Expense Monitoring System 1.0 SQL Injection

Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...

0.1 AI score
Exploits: 0

Exploit DB
added 2021/03/23 12:0 a.m. | 429 views

MyBB 1.8.25 - Poll Vote Count SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL [email protected] Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

8.8 CVSS | 7.5 AI score | 0.00122 EPSS
Exploits: 5

Kitploit
added 2020/09/07 2:38 a.m. | 72 views

SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5 AI score
Exploits: 0 | References: 9

OSV
added 2020/06/17 2:15 p.m. | 1 views

DEBIAN-CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...

7.2 CVSS | 8.1 AI score | 0.78686 EPSS
Exploits: 9 | References: 1

Prion
added 2020/06/17 2:15 p.m. | 31 views

Sql injection

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...

6.5 CVSS | 7.3 AI score | 0.78686 EPSS
Exploits: 9 | References: 8 | Affected Software: 2

Debian CVE
added 2020/06/17 1:47 p.m. | 35 views

CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...

7.2 CVSS | 7.3 AI score | 0.78686 EPSS
Exploits: 9

AlpineLinux
added 2020/06/17 1:47 p.m. | 42 views

CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...

7.2 CVSS | 7.9 AI score | 0.78686 EPSS
Exploits: 9 | References: 8

ripstech
added 2019/06/25 11:0 a.m. | 131 views

dotCMS 5.1.5: Exploiting H2 SQL injection to RCE

Impact The SQL injection vulnerability can be exploited as an unauthenticated attacker via CSRF or as a user of the role Publisher. An attacker is able to execute stacked SQL queries which means it is possible to manipulate arbitrary database entries and even execute shell commands when the H2...

8.8 AI score
Exploits: 0

exploitpack
added 2018/11/21 12:0 a.m. | 14 views

WebOfisi E-Ticaret V4 - urun SQL Injection

WebOfisi E-Ticaret V4 - urun SQL Injection Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Date: 2018-11-21 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...

Exploits: 0

0day.today
added 2018/11/21 12:0 a.m. | 16 views

WebOfisi E-Ticaret V4 - urun SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...

0.1 AI score
Exploits: 0

CNVD
added 2018/09/29 12:0 a.m. | 1 views

Rausoft ID.prove SQL Injection Vulnerability

Rausoft ID.prove is a list auditing module. The module is capable of auditing and tracking a company's customer, supplier and employee information against a blacklist. A SQL injection vulnerability exists in the login page of Rausoft ID.prove version 2.95. A remote attacker can exploit this...

9.8 CVSS | 9.8 AI score | 0.02 EPSS
Exploits: 1 | References: 1

OSV
added 2018/09/28 12:29 a.m. | 1 views

CVE-2018-16659

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Prion
added 2018/09/28 12:29 a.m. | 11 views

Sql injection

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation...

7.5 CVSS | 9.7 AI score | 0.02 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/09/28 12:0 a.m. | 19 views

CVE-2018-16659

An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation...

9.9 AI score | 0.02 EPSS
Exploits: 1 | References: 1

Packet Storm
added 2018/09/27 12:0 a.m. | 38 views

Rausoft ID.prove 2.95 SQL Injection

Exploit Title: Rausoft ID.prove 2.95 - 'Username' SQL injection Google Dork: inurl:IdproveWebclient Date: 2018-09-26 Exploit Author: Ilya Timchenko, Mercedes pay S.A. Vendor Homepage: https://www.idprove.de Software Link:...

7.4 AI score
Exploits: 0

0day.today
added 2018/09/27 12:0 a.m. | 41 views

Rausoft ID.prove 2.95 - Username SQL injection Vulnerability

Exploit for windows platform in category web applications Exploit Title: Rausoft ID.prove 2.95 - 'Username' SQL injection Google Dork: inurl:IdproveWebclient Exploit Author: Ilya Timchenko, Mercedes pay S.A. Vendor Homepage: https://www.idprove.de Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2018/09/04 12:0 a.m. | 85 views

mooSocial Store Plugin 2.6 - SQL Injection

Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL: http://addons.moosocial.com/stores Purchase lin...

7.4 AI score
Exploits: 0

0day.today
added 2017/10/31 12:0 a.m. | 30 views

Sokial Social Network Script 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Sokial Social Network Script 1.0 - SQL Injection Vendor Homepage: http://www.sokial.net/ Software http://www.sokial.net/demonstrations-social-network.sk Demo: http://demo.sokial.net/ Version: 1.0 Category: Webapps Tested on:...

7.5 CVSS | 9.2 AI score | 0.02342 EPSS
Exploits: 4

Kitploit
added 2017/08/28 9:13 p.m. | 102 views

SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5 AI score
Exploits: 0 | References: 20