Lucene search
K

204 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-41126

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 - 122 Description An SQL Injection SQLi issue exists in the authenticated admin endpoint "admin area/action logs.php". The endpoint processes the type parameter, which is passed to the fetch action logs...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 6:16 p.m.9 views

CVE-2026-38567

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

9.8CVSS0.00495EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39655

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

5.9AI score0.00495EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/05/01 2:51 p.m.92 views

SQLInjection

Projekt Edukacyjny: Podatności SQL Injection Niniejsze repozy...

5.9AI score
Exploits0
NVD
NVD
added 2026/04/29 8:16 p.m.6 views

CVE-2018-25300

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/29 7:24 p.m.8 views

EUVD-2018-21821

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS5.7AI score0.00323EPSS
Exploits0References3
CVE
CVE
added 2026/04/29 7:24 p.m.14 views

CVE-2018-25300

XATABoost CMS 1.0.0 is affected by a union-based SQL injection via the id parameter in news.php, enabling unauthenticated attackers to manipulate queries and potentially extract sensitive database information. The vulnerability is evidenced in CVE-2018-25300 with CVSS v3.1 base score 8.2 ( HIGH )...

8.8CVSS5.7AI score0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.34 views

CVE-2018-25300 XATABoost CMS 1.0.0 SQL Injection via news.php

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-35983

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS5.7AI score0.00323EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/03/27 9:5 a.m.143 views

sqli

SQL Injection Write-up 🧪 1. Průzkum Do vyhledávacího pole...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/18 1:2 p.m.128 views

SQLInject

Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19784

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...

8.8CVSS5.9AI score0.00331EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.5 views

EUVD-2019-19792

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using...

8.8CVSS5.9AI score0.00439EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.7 views

EUVD-2019-19788

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

8.8CVSS5.9AI score0.00512EPSS
Exploits1References3
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS0.00284EPSS
Exploits0References4
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25511

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...

8.8CVSS0.00369EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:37 p.m.3 views

CVE-2019-25529 Placeto CMS Alpha rv.4 SQL Injection via page Parameter

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS5.9AI score0.00284EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.6 views

CVE-2019-25517

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...

8.8CVSS5.9AI score0.00451EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.1 views

CVE-2019-25516

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using...

8.8CVSS5.9AI score0.00439EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/12 3:36 p.m.26 views

CVE-2019-25516 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via gallery.php

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using...

8.8CVSS0.00439EPSS
Exploits1References2
Rows per page
Query Builder