2185 matches found
CVE-2019-25726
CVE-2019-25726 affects All in One Video Downloader 1.2. An SQL injection vulnerability exists in the admin page edit via the id parameter, allowing unauthenticated attackers to execute arbitrary SQL queries and potentially extract sensitive data (usernames, databases, version details). The provid...
PT-2026-46200
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...
PT-2026-46887
Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.6.10.18 Shopware versions prior to 6.7.10.1 Description An attacker can enumerate administrator usernames by performing a timing attack. This occurs because the getUserEntityByUserCredentials function in the...
PHP EI-Tube Script SQL注入漏洞
The PHP EI-Tube Script is a video website construction system developed by Elis Atef. The PHP EI-Tube Script has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the search parameter, which may allow unauthenticated attackers to execute arbitrary SQL...
CVE-2018-25429
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...
CVE-2018-25433 Joomla JE Photo Gallery 1.1 SQL Injection via categoryid
Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...
CVE-2018-25429
Paroiciel 11.20 contains an SQL injection in zpro.php via the zProIdPro parameter, exploitable by authenticated users to run arbitrary SQL and exfiltrate sensitive DB info (usernames, databases, version). CVSS 4.0/3.1 base scores are HIGH (7.1) with NETWORK attack vector and LOW privileges requir...
CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...
CVE-2026-40543 Missing Authorization in SOPlanning
SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...
PT-2026-45356
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.56 Description Lack of authorization enforcement for backup functionalities allows an unauthenticated attacker to query backup-related endpoints. This can lead to the retrieval of backup archives containing user...
CVE-2018-25420
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25416
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
CVE-2018-25418
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...
CVE-2018-25419
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...
CVE-2018-25407
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...
CVE-2018-25405
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...
CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25420
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...
EUVD-2018-21942
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...