PT-2026-35643
Name of the Vulnerable Software and Affected Versions: LiteLLM versions 1.81.16 through 1.83.6. Description: An unauthenticated SQL injection exists in the proxy API key verification process. The issue occurs because a database query mixed caller-supplied key values directly into the query text...
MobSF has SQL Injection in its SQLite Database Viewer Utils
Description: MobSF's read_sqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst uses MobSF to analyze a malicious mobile application containing a craft...
EUVD-2018-21616
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
CVE-2018-25161
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
CVE-2018-25163
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to...
CVE-2018-25161 Warranty Tracking System 11.06.3 SQL Injection via SearchCustomer.php
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
PT-2026-23673
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...
sql-injection
SQL Injection Payloads List...
CVE-2020-37076
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
CVE-2020-37076
Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...
PT-2026-5827
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
SUSE CVE-2010-3682
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the...
CVE-2020-15226 SQL Injection in GLPI Search API
In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely...
glpi -- SQL Injection in Search API
MITRE Corporation reports: In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or databa...
Schools Alert Management Script - SQL Injection
Exploit Title: Schools Alert Management Script - SQL Injection; Date: 2018-06-07; Vendor Homepage: https://www.phpscriptsmall.com/; Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/; Category: Web Application; Exploit Author: M3@Pandas; Web:...
Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection
Exploit Title: Freelance Website Script 2.0.6 - SQL Injection; Dork: N/A; Date: 08.12.2017; Vendor Homepage: https://www.phpscriptsmall.com/; Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/; Version: 2.0.6; Category: Webapps; Tested on: WiN7x64/KaLiLinuXx64; CVE: N/A; Explo...
MySQL File Uploader 1.0 - id Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: MySQL Blob Uploader - File Upload to Database PHP Script v1.0 - SQL Injection; Google Dork: N/A; Date: 07.02.2017; Vendor Homepage: http://nelliwinne.net/; Software Buy:...