Lucene search
K

2786 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49288

Name of the Vulnerable Software and Affected Versions OpenSIPS Control Panel versions prior to 9.3.3 Description A Time-Based Blind SQL Injection in the alias management module allows authenticated attackers to execute arbitrary SQL commands. This occurs via the 'table' GET parameter in the 'alia...

8.8CVSS6.2AI score0.00361EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.29 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 12:0 a.m.11 views

CVE-2026-36670

CVE-2026-36670: Time-based blind SQL injection in the OpenSIPS Control Panel (opensips-cp) alias_management module before version 9.3.3. Authenticated attackers can leverage the table parameter in alias_management.php to execute arbitrary SQL. Connected sources confirm the affected component is O...

8.8CVSS6.3AI score0.00361EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/06/13 4:29 p.m.91 views

Exploit for CVE-2026-42647

CVE-2026-42647 - JoomSport Unauthenticated Time-Based Blind SQ...

9.3CVSS6.8AI score0.01323EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/10 12:33 p.m.69 views

Exploit for SQL Injection in Glpi-Project Glpi

CVE-2023-36808 - GLPI Unauthenticated SQL Injection Vulner...

9.8CVSS8AI score0.47557EPSS
Exploits1
NVD
NVD
added 2026/06/10 10:16 a.m.19 views

CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.01382EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 8:28 a.m.14 views

EUVD-2026-35997

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.7AI score0.01382EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 8:28 a.m.55 views

CVE-2026-3018 Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.01382EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin Newsletters SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.7AI score0.01382EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/06/10 12:0 a.m.52 views

📄 Chatwoot 4.11.1 SQL Injection

This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1. ================================================================================================================================== |...

8.5CVSS5.6AI score0.00227EPSS
Exploits1
VulnCheck KEV
VulnCheck KEV
added 2026/06/10 12:0 a.m.10 views

VulnCheck KEV: CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.8AI score0.01382EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48398

Name of the Vulnerable Software and Affected Versions Newsletters plugin for WordPress versions prior to 4.14 Description The plugin is susceptible to time-based SQL Injection, a technique where an attacker sends queries that force the database to wait a specific amount of time before responding,...

7.5CVSS5.6AI score0.01382EPSS
Exploits0References7
NVD
NVD
added 2026/06/09 1:16 p.m.18 views

CVE-2017-20243

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:48 a.m.30 views

CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kcad' parameter in base.css.php or kittycatfish.php to extract sensiti...

8.8CVSS0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.12 views

CVE-2017-20246 KittyCatfish 2.2 Plugin for WordPress SQL Injection

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kcad' parameter in base.css.php or kittycatfish.php to extract sensiti...

8.8CVSS5.7AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 11:48 a.m.32 views

CVE-2017-20243 WordPress Car Park Booking Plugin SQL Injection via space_id

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 11:48 a.m.11 views

EUVD-2017-18969

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:48 a.m.21 views

CVE-2017-20243

CVE-2017-20243 concerns the WordPress Car Park Booking Plugin. The initial report states a time-based SQL injection vulnerability in the plugin (version cited as of 17 Oct 2017) that allows unauthenticated attackers to manipulate database queries via the space_id parameter. By sending crafted GET...

8.8CVSS5.7AI score0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47769

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc ad' parameter in base.css.php or kittycatfish.php to extract...

8.8CVSS5.7AI score0.0027EPSS
Exploits0References5
Rows per page
Query Builder