CVE-2018-25379

CVE-2018-25379 affects Collectric CMU 1.0 and describes a boolean-based blind SQL injection in the login flow through the lang parameter. The vulnerability allows unauthenticated attackers to influence database queries during authentication, enabling extraction of sensitive data via time-based bl...

CVE-2026-23921 Blind, read-only SQL injection in Zabbix API via sortfield parameter

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVE-2019-25635

Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profilelist endpoint. Attackers can inject SQL code via the upcast, smother, and sreligion parameters to extract sensitive database information usi...

Zabbix 安全漏洞

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from SQL injection in the sortfield paramete...

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

GHSA-CH7P-MPV4-4VG4 CoreShop Vulnerable to SQL Injection via Admin Reports

Affected Versions - CoreShop 4.1.2 Demo tested Demo | CoreShop - Earlier versions may also be affected if the same code path exists Summary A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...

U.S. Dept Of Defense: SQL Injection

The application was found to have a blind SQL injection vulnerability in the 'filterevent' parameter. The vulnerability allowed an attacker to manipulate database queries and extract sensitive information from the database through time-based or boolean-based techniques, as the injection was blind...

commix

This is a PoC exploit for command injection attacks, specifically targeting web-based applications. The tool, named Commix, is designed to automate the process of testing web applications for command injection vulnerabilities. It can be used by web developers, penetration testers, or security...