16 matches found
CVE-2026-21856
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...
EUVD-2020-13577
Malware in sbrugna...
CVE-2025-40666 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx...
CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2018-1000890
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application...
CVE-2017-11738
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack...
CVE-2025-32993
Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password aka index.php?/home/forgot-password visusername parameter. Authentication is not needed...
CVE-2023-38221 Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...
eChat 1.0 SQL Injection Vulnerability
Exploit Title: eChat | Time-Based Blind SQL Injection Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/10498/echat-simple-chat-system-app-using-phpmysql.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/echat.zip Version:...
flatCore CMS XSS / File Disclosure / SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: 2.0.0 Build 139 fixed version: Release 2.0.0 Build 139 CVE number: CVE-2021-23835, CVE-2021-23836,...
Pharmacy Medical Store and Sale Point 1.0 - (catid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...
CVE-2017-11738
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack...
CVE-2017-11738
In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack...
Sql injection
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...