Lucene search
K

204 matches found

Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.7 views

PT-2025-51955

Name of the Vulnerable Software and Affected Versions Affiliate Me version 5.0.1 Description The software contains a SQL injection issue in the admin.php endpoint. Authenticated administrators can manipulate database queries through the id parameter using crafted union-based queries. This allows...

8.7CVSS7.7AI score0.00307EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/12 10:17 p.m.6 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS7.7AI score0.00332EPSS
Exploits2References1
NVD
NVD
added 2025/12/11 10:15 p.m.4 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS0.00332EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/12/11 9:34 p.m.5 views

CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3CVSS7.3AI score0.00332EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50744

Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...

9.3CVSS7.5AI score0.00332EPSS
Exploits2References8
RedhatCVE
RedhatCVE
added 2025/12/05 9:34 p.m.6 views

CVE-2024-58276

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7CVSS8.3AI score0.00356EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/04 9:31 p.m.5 views

EUVD-2025-201272

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7CVSS7.7AI score0.00356EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/04 8:41 p.m.20 views

CVE-2024-58276 Obi08-Enrollment System 1.0 login.php SQL Injection

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7CVSS0.00356EPSS
Exploits0References3
CVE
CVE
added 2025/12/04 8:41 p.m.11 views

CVE-2024-58276

CVE-2024-58276 concerns Obi08/Enrollment System 1.0. A SQL injection vulnerability exists in the keyword parameter of /get_subject.php, allowing unauthenticated attackers to execute arbitrary SQL queries. The impact includes potential extraction of sensitive data from the users table (e.g., usern...

8.7CVSS7.8AI score0.00356EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.8 views

PT-2025-49132

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7CVSS8.3AI score0.00356EPSS
Exploits0References4
OSV
OSV
added 2025/11/21 6:6 p.m.7 views

GHSA-9M7R-G8HG-X3VR SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results

Impact If your schema includes the following characteristics: 1. You have a permission defined in terms of a union + 1. That union references the same relation on both sides, but one side arrows to a different permission Then you might have missing LookupResources results when checking the...

6.3CVSS5.6AI score0.00194EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/10/19 6:3 a.m.135 views

gosql

gosql Auto...

7.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/09/25 7:30 p.m.3 views

CVE-2025-59816 Authenticated Union based SQL-injection in the search input field

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...

7.3CVSS6.3AI score0.00226EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.4 views

CVE-2025-50972

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...

9.8CVSS8.9AI score0.00421EPSS
Exploits1References1
NVD
NVD
added 2025/08/27 3:15 p.m.4 views

CVE-2025-50972

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...

9.8CVSS0.00421EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/27 12:0 a.m.2 views

CVE-2025-50972

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...

8.5AI score0.00421EPSS
Exploits1References1
CVE
CVE
added 2025/08/27 12:0 a.m.23 views

CVE-2025-50972

CVE-2025-50972 affects AbanteCart 1.4.2. The vulnerability is a SQL Injection in the unvalidated tmpl_id parameter sent to index.php, enabling unauthenticated attackers to execute arbitrary SQL commands. Documented techniques include error-based injections using a crafted FLOOR payload, time-base...

9.8CVSS8.7AI score0.00421EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.9 views

PT-2025-34876 · Unknown · Abantecart

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.2 Description: AbanteCart is susceptible to a SQL Injection issue. Unauthenticated attackers can execute arbitrary SQL commands via the tmpl id parameter in the index.php file. Exploitation techniques include error-base...

9.8CVSS7.9AI score0.00421EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2025/02/20 3:52 p.m.101 views

Exploit for SQL Injection in Eniture Ltl_Freight_Quotes

CVE-2024-13481 LTL Freight Quotes – R+L Carriers Edition = 5.6...

7.5CVSS7.4AI score0.00923EPSS
Exploits1
OSV
OSV
added 2024/06/13 6:15 a.m.6 views

CVE-2024-3552

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based...

9.8CVSS5.8AI score0.67288EPSS
Exploits4References1
Rows per page
Query Builder