117 matches found
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
CVE-2021-28022
CVE-2021-28022 affects ServiceTonic Helpdesk software prior to 9.0.35937. The root cause is a blind SQL injection in the login form, allowing an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. Affected product: ServiceTonic Helpdesk. Impact stated i...
Online Motorcycle (Bike) Rental System 1.0 SQL Injection
Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase Comardelle (CASO) Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...
Kliqqi-Cms SQL Injection Vulnerability
Kliqqi-Cms is an open source CMS that provides social publishing software. Version 2.0.2 of Kliqqi-Cms has a time-based SQL injection vulnerability in the $recordIDValue parameter of the adminupdatemodulewidgets.php file...
Poll Maker < 3.4.2 - Unauthenticated Time Based SQL Injection
The plugin allows unauthenticated users to perform SQL injection via the aysfinishpoll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as a password hash. This requires a valid nonce, which can be obtained by going to a...
CVE-2021-36621
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could...
CVE-2021-36621
CVE-2021-36621 affects Sourcecodester Online Covid Vaccination Scheduler System 1.0. The vulnerability is a SQL Injection in the username parameter, described as a time-based injection that can dump the admin password hash and allow an attacker to decrypt it to obtain the plaintext password, enab...
PEEL Shopping 9.3.0 - (id) Time-based SQL Injection Vulnerability
Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.peel.fr Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download Version: prior to 9.4.0 Tested on:...
CVE-2021-24185
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time-based SQL injections that could be exploited by students...
CVE-2021-24185 Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time-based SQL injections that could be exploited by students...
CVE-2020-35151
CVE-2020-35151 affects The Online Marriage Registration System 1.0. The vulnerability is a Time-Based SQL Injection in the post parameter searchdata of user/search.php (and noted in admin/search.php in the exploit). Root cause: lack of input validation for searchdata, enabling attacker-controlled...
CVE-2020-35151
The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection...
CVE-2020-35545
Time-based SQL injection exists in Spotweb 1.4.9 via the query string...
CVE-2020-26944
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A time-based SQL injection affects the nameTxt parameter on the main login page, aka cse?cmd=LOGIN. This can be exploited directly, and remotely...
Reproduction, analysis and use of the CMSMS SQL injection vulnerability - vulnerability and early warning - the black bar safety net
CMS Made Simple (CMSMS) is a simple and convenient content management system developed with PHP, MySQL and the Smarty template engine. It has a role-based rights management system and a wizard-based installation and update mechanism, and it uses few system resources, while the included file management...
CVE-2017-11738
The CVE-2017-11738 entry concerns Zoho ManageEngine Application Manager affected before 14.6 Build 14660. The vulnerability is a Time-based Blind SQL Injection in the haid parameter of the /auditLogAction.do module, indicating a database query manipulation flaw that could disclose or alter data u...
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter...
CVE-2019-7585
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI...
CVE-2019-7568
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request...
Hasan MWB 1.0 Time-Based SQL Injection
Hasan MWB v1.0 - Multiple Time-Based SQL Injections. Exploit Title: Hasan MWB v1.0 - Multiple Time-Based SQL Injections Date: 12-04-2018 Category: Webapps Author: Socket0x03 Alvaro J. Gene Email...