PT-2023-29413 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the subject parameter of the "feed.php" resource does not validate the characters received, sending th...

PT-2023-29522 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities in the Online Food Ordering System. Specifically, the role parameter of the routers/user-router.php resource does n...

PT-2023-29514 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the type parameter of the "routers/add-ticket.php" resource does not validate the characters receive...

CVE-2023-44267 Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-27260

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVE-2023-26581

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

PT-2023-21033 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to an unauthenticated SQL injection in the GetRoomChanges method, allowing unauthenticated attackers to extract or modify all data. Recommendations: For versions...

CVE-2023-44164 Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

The 'Email' parameter of the processlogin.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-43739 Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi)

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-43739 Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi)

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-4485

ARDEREG ​Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, th...

PT-2023-7493 · Asus · Asus Rt-Ax92U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX92U affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. The flaw exists within the mod webdav.so module, where the process do...

PT-2023-15409 · Unknown · Themefic Ultimate Addons For Contact Form 7

Name of the Vulnerable Software and Affected Versions: Themefic Ultimate Addons for Contact Form 7 plugin versions prior to 3.1.24 Description: The issue is related to an Unauth. SQL Injection SQLi vulnerability. This means that an attacker could potentially inject malicious SQL code into the...

PT-2023-12759 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: The issue is an unauthenticated SQL injection in the p parameter of the "process login.php" login form. This allows for potential exploitation without the need fo...

Companymaps 8.0 SQL Injection

Exploit Title: Unauthenticated SQL injection - Google Dork: - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description:...

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Submit a message in the chatbox, intercept the request using Burp Suite for example. Edit the request to reflect this request:...

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly credentialed and experienced...

CVE-2022-47770

Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection...

CVE-2022-47770

CVE-2022-47770 affects Serenissima Informatica Fast Checkin v1.0 and is due to an Unauthenticated SQL Injection vulnerability. The issue exposes high-severity impact across confidentiality, integrity, and availability (CVSS v3.1 base score 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Documented det...

VulnCheck KEV: CVE-2023-23488

The Paid Memberships Pro WordPress Plugin, version 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route...