Lucene search
+L

1460 matches found

EUVD
EUVD
added 2026/05/17 12:11 p.m.16 views

EUVD-2018-21859

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.17 views

PT-2026-41564

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References4
NVD
NVD
added 2026/05/16 4:16 p.m.12 views

CVE-2020-37244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.39 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.7 views

CVE-2020-37244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.10 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 3:25 p.m.8 views

EUVD-2020-31244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/16 1:56 a.m.15 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.13 views

PT-2026-41444

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:45 p.m.7 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41126

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 - 122 Description An SQL Injection SQLi issue exists in the authenticated admin endpoint "admin area/action logs.php". The endpoint processes the type parameter, which is passed to the fetch action logs...

7.1CVSS5.9AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 6:16 p.m.11 views

CVE-2026-38567

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

9.8CVSS0.00495EPSS
Exploits1References3
OSV
OSV
added 2026/05/11 12:0 p.m.3 views

UBUNTU-CVE-2026-2291

dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

7.3CVSS5.9AI score0.00754EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39655

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

5.9AI score0.00495EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/05/01 2:51 p.m.104 views

SQLInjection

Projekt Edukacyjny: Podatności SQL Injection Niniejsze repozy...

5.9AI score
Exploits0
NVD
NVD
added 2026/04/29 8:16 p.m.7 views

CVE-2018-25300

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS0.00323EPSS
Exploits0References3
CVE
CVE
added 2026/04/29 7:24 p.m.15 views

CVE-2018-25300

XATABoost CMS 1.0.0 is affected by a union-based SQL injection via the id parameter in news.php, enabling unauthenticated attackers to manipulate queries and potentially extract sensitive database information. The vulnerability is evidenced in CVE-2018-25300 with CVSS v3.1 base score 8.2 ( HIGH )...

8.8CVSS5.7AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/29 7:24 p.m.9 views

EUVD-2018-21821

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS5.7AI score0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/29 7:24 p.m.36 views

CVE-2018-25300 XATABoost CMS 1.0.0 SQL Injection via news.php

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.10 views

PT-2026-35983

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS5.7AI score0.00323EPSS
Exploits0References4
Rows per page
Query Builder