12 matches found
CVE-2017-7878
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database...
CVE-2025-47937
CVE-2025-47937 affects TYPO3 (PHP-based CMS). The issue arises in TYPO3 versions 9.0.0 through just before the fixed ELTS releases, where a DBAL multi-table query applies FrontendGroupRestriction only to the first table. This can allow data from additional tables in the same query to be exposed t...
CVE-2022-45186
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database...
CVE-2022-37062
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
Microweber Discloses Sensitive Information
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request...
CVE-2020-22174
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
CVE-2017-7878
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database...
Easy POS System - 'login.php' SQL Injection
Exploit: Easy POS System - SQL Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/easypossystem/ 1 Sql Injection POST Time Based Blind Note: Time based Injection on POST requests using burp, as output indicated. You...
SA-CONTRIB-2011-026 - Secure Password Hashes (phpass) - Multiple Vulnerabilities
This module uses the PHPass hashing library to try to store users' hashed passwords securely. The module sets a fixed string for the 'pass' column in the users database column but does not replace the pass attribute of the account object used for password reset links. This leads to a vulnerability...
HotWeb Rentals "PageId" SQL Injection Vulnerability
HotWeb Rentals "PageId" SQL Injection Vulnerability PRODUCT http://www.hotwebscripts.co.uk/ Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. POC...
CVE-2007-6662
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php...
CVE-1999-1428
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges...