204 matches found
PT-2025-51955
Name of the Vulnerable Software and Affected Versions Affiliate Me version 5.0.1 Description The software contains a SQL injection issue in the admin.php endpoint. Authenticated administrators can manipulate database queries through the id parameter using crafted union-based queries. This allows...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
PT-2025-50744
Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...
CVE-2024-58276
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...
EUVD-2025-201272
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...
CVE-2024-58276 Obi08-Enrollment System 1.0 login.php SQL Injection
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...
CVE-2024-58276
CVE-2024-58276 concerns Obi08/Enrollment System 1.0. A SQL injection vulnerability exists in the keyword parameter of /get_subject.php, allowing unauthenticated attackers to execute arbitrary SQL queries. The impact includes potential extraction of sensitive data from the users table (e.g., usern...
PT-2025-49132
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...
GHSA-9M7R-G8HG-X3VR SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
Impact If your schema includes the following characteristics: 1. You have a permission defined in terms of a union + 1. That union references the same relation on both sides, but one side arrows to a different permission Then you might have missing LookupResources results when checking the...
gosql
gosql Auto...
CVE-2025-59816 Authenticated Union based SQL-injection in the search input field
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...
CVE-2025-50972
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
CVE-2025-50972
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
CVE-2025-50972
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
CVE-2025-50972
CVE-2025-50972 affects AbanteCart 1.4.2. The vulnerability is a SQL Injection in the unvalidated tmpl_id parameter sent to index.php, enabling unauthenticated attackers to execute arbitrary SQL commands. Documented techniques include error-based injections using a crafted FLOOR payload, time-base...
PT-2025-34876 · Unknown · Abantecart
Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.2 Description: AbanteCart is susceptible to a SQL Injection issue. Unauthenticated attackers can execute arbitrary SQL commands via the tmpl id parameter in the index.php file. Exploitation techniques include error-base...
Exploit for SQL Injection in Eniture Ltl_Freight_Quotes
CVE-2024-13481 LTL Freight Quotes – R+L Carriers Edition = 5.6...
CVE-2024-3552
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based...