117 matches found
CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...
CVE-2025-5339
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsaproid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2025-40666 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through the ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx...
CVE-2024-9874
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2021-43969
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
CVE-2020-35151
The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection...
CVE-2019-20613
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019)...
CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll,...
CVE-2024-54447
Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain...
CVE-2024-6265
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
CVE-2024-9201
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘idorder’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint...
CVE-2024-9201
The SEUR Oficial plugin is affected by a time-based SQL injection in versions before 2.5.11, exploitable via the id_order parameter at /modules/seur/ajax/saveCodFee.php. Patch to 2.5.11+ (or later) to fix; the vulnerability is documented with high-severity CVSS metrics and patch status indicating...
U.S. Dept Of Defense: Time-based blind SQL injection
A time-based blind SQL injection vulnerability was discovered in the sortBy parameter of the web application's SearchDocs.aspx functionality. The vulnerability was identified by observing differences in the server's response time when specific payloads were used. This type of vulnerability could...
VICIdial Unauthenticated SQL Injection
Vulnerability Details. Affected Vendor: VICIdial; Affected Product: VICIdial; Affected Version: 2.14-917a; Platform: GNU/Linux; CWE Classification: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'; CVE ID: CVE-2024-8503. 2. Vulnerability Description: An...
CVE-2024-7717
CVE-2024-7717 – In WP Events Manager for WordPress, there is a time-based SQL Injection in the order parameter affecting all versions up to 2.1.11. Exploitation requires Subscriber+ level authentication and can cause injection of additional SQL to extract sensitive data. According to connected RH...
UBUNTU-CVE-2024-43360
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61...
Simple Laboratory Management System 1.0 SQL Injection
Exploit Title: Simple Laboratory Management System - Manual Blind Time Based SQL Injection. Exploit Description: A SQL Injection vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary SQL commands on the database server which causes the services to delay ...
PHPGurukul Daily Expenses Management System Security Vulnerability
PHPGurukul Daily Expenses Management System is a daily expenses management system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Daily Expenses Management System version 1.0, which is caused by a time-based SQL injection vulnerability in the add-expense.php page, which can be...