Lucene search
K

14 matches found

CVE
CVE
added 2026/06/18 10:21 a.m.23 views

CVE-2026-54419

PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/04 2:32 p.m.23 views

CVE-2023-50866 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/04 2:29 p.m.24 views

CVE-2023-50862 Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/01/04 1:53 p.m.20 views

CVE-2023-49633 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyeraddress' parameter of the buyerdetailsubmit.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00672EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/21 11:26 p.m.27 views

CVE-2023-49689 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00671EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/21 11:21 p.m.29 views

CVE-2023-49688 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00671EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/21 11:6 p.m.17 views

CVE-2023-49681 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS10AI score0.00671EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/11/07 9:2 p.m.21 views

CVE-2023-46789 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.2AI score0.00831EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/11/02 2:3 p.m.12 views

CVE-2023-45346 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.2AI score0.007EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/11/02 1:8 p.m.17 views

CVE-2023-45323 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.1AI score0.007EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/28 9:44 p.m.14 views

CVE-2023-44164 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

The 'Email' parameter of the processlogin.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS9.7AI score0.00805EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/05/02 4:15 p.m.5 views

CVE-2022-0771

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections...

9.8CVSS5.6AI score0.01602EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/06/21 7:18 p.m.16 views

CVE-2021-24361 GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections

In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gdpopularlocationlist did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues...

10AI score0.01832EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/03/08 12:0 a.m.29 views

SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections

The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=selectwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=selectwpid=1 UNION...

1.7AI score
Exploits0References3Affected Software2
Rows per page
Query Builder