
329 matches found

OSV
added 2021/02/15 9:15 p.m. · 2 views

CVE-2021-3239

E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell...

CVSS 9.8 · AI score 7.7 · EPSS 0.17933
Exploits: 1 · References: 5

Patchstack
added 2020/12/09 12:0 a.m. · 20 views

WordPress DiveBook plugin <= 1.1.4 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by Hooper Labs in WordPress DiveBook plugin versions <= 1.1.4. Solution: 2020-12-09 - we were unable to find a patched version of this plugin. Last updated: 10 years ago...

CVSS 5.3 · AI score 2.6 · EPSS 0.01422
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2020/11/12 2:15 p.m. · 3 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

CVSS 9.8 · AI score 7.4 · EPSS 0.1064
Exploits: 2 · References: 1

WPVulnDB
added 2020/10/21 12:0 a.m. · 57 views

Loginizer < 1.6.4 - Unauthenticated SQL Injection

The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...

CVSS 7.5 · AI score 9.3 · EPSS 0.53619
Exploits: 4 · References: 4 · Affected Software: 1

wpexploit
added 2020/10/21 12:0 a.m. · 107 views

Loginizer < 1.6.4 - Unauthenticated SQL Injection

The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...

CVSS 7.5 · AI score 0.5 · EPSS 0.53619
Exploits: 4 · References: 4

Patchstack
added 2020/08/22 12:0 a.m. · 8 views

WordPress RSVPMaker plugin <= 7.8.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by CBiu in WordPress RSVPMaker plugin versions <= 7.8.1. Solution: Update the WordPress RSVPMaker plugin to the latest available version (at least 7.8.2)...

AI score 3.5
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2020/08/06 4:15 p.m. · 33 views

CVE-2020-7356

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS 10 · AI score 10 · EPSS 0.14014
Exploits: 5 · References: 2

wpexploit
added 2020/07/09 12:0 a.m. · 29 views

Travel Booking < 2.8.4 - Unauthenticated SQL Injection

Unauthenticated SQL Injection via the locationid parameter sqlmap --url="https://example.com/search-rental-full-map/?locationid=1" -dbs --random-agent --time-sec=8 03:13:37 INFO resuming back-end DBMS 'mysql' sqlmap resumed the following injection points from stored session: --- Parameter:...

AI score 1.6
Exploits: 0 · References: 3

Positive Technologies
added 2020/06/25 12:0 a.m. · 5 views

PT-2020-14545 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mail...

CVSS 7.8 · AI score 7.5 · EPSS 0.0383
Exploits: 0 · References: 2

Patchstack
added 2020/05/25 12:0 a.m. · 12 views

WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions <= 1.4.3. Solution: Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version (at least 1.4.4)...

AI score 3.9
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2020/05/07 2:15 p.m. · 2 views

CVE-2019-18866

Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database...

CVSS 7.5 · AI score 5.9 · EPSS 0.0116
Exploits: 1 · References: 1

ATTACKERKB
added 2020/01/07 12:0 a.m. · 29 views

CVE-2020-5308

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. Recent assessments: cinzinga at March 09, 2020...

CVSS 9.8 · AI score 0.4 · EPSS 0.15652
Exploits: 3 · References: 4

OSV
added 2018/06/05 2:29 p.m. · 3 views

CVE-2016-9488

ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, whi...

CVSS 9.8 · AI score 6 · EPSS 0.04772
Exploits: 3 · References: 5

Patchstack
added 2018/01/30 12:0 a.m. · 9 views

WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by JustThomas in WordPress User Control plugin versions <=2.1.0. Solution: This plugin has been closed and is no longer available for download. Please Deactivate and delete...

AI score 4
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2017/09/26 6:29 a.m. · 2 views

CVE-2017-14743

Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...

CVSS 8.1 · AI score 5.8 · EPSS 0.01219
Exploits: 3 · References: 1

Packet Storm
added 2017/09/12 12:0 a.m. · 33 views

osTicket 1.10 SQL Injection

ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...

Exploits: 0

exploitpack
added 2017/09/12 12:0 a.m. · 13 views

osTicket 1.10 - SQL Injection (PoC)

osTicket 1.10 - SQL Injection PoC 1. ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions...

Exploits: 0

Exploit DB
added 2017/09/12 12:0 a.m. · 54 views

osTicket 1.10 - SQL Injection (PoC)

ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...

AI score 7
Exploits: 0

Packet Storm
added 2017/03/29 12:0 a.m. · 27 views

EyesOfNetwork (EON) 5.1 SQL Injection

Exploit Title: EyesOfNetwork EON 5.1 Unauthenticated SQL Injection in eonweb leading to remote root Google Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS" Date: 29/03/2017 Exploit Author: Dany Bach Vendor Homepage: https://www.eyesofnetwork.com/ Software Link:...

AI score 0.1
Exploits: 0

0day.today
added 2016/11/13 12:0 a.m. · 39 views

Schoolhos CMS 2.29 Multiple vulnerabilities / RCE Exploit

Exploit for php platform in category web applications \x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload' php file...

AI score 0.1
Exploits: 0