114 matches found
Bus Pass Management System 安全漏洞
Bus Pass Management System is a bus pass management system. version 1.0 of Bus Pass Management System is vulnerable to an insecure direct object reference vulnerability that stems from the viewid parameter failing to check user permissions on all target object accesses. An attacker could exploit...
CVE-2021-37806
An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEPN function payload that will sleep for a number of seconds used on the 1 editid , 2...
PT-2021-21876 · Unknown · Vehicle Parking Management System
Name of the Vulnerable Software and Affected Versions: Vehicle Parking Management System version 1.0 Description: A time-based SQL injection vulnerability exists in the Vehicle Parking Management System, affecting multiple endpoints. The vulnerability is exploited using the SLEEPN function payloa...
Curfew e-Pass Management System 1.0 SQL Injection
Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 04.08.2020 Exploit Author: Mucahit Karadag Vendor Homepage: https://products.phpgurukul.com/product/curfew-e-pass-management-system-project-report/ Software Link:...
Curfew e-Pass Management System 1.0 SQL Injection Vulnerability
Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau. Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Exploit Author: Mucahit...
CVE-2017-16543
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter...
CVE-2017-16543
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter...
CVE-2014-5201
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a goviewobject action to wp-admin/admin-ajax.php...
Sql injection
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a goviewobject action to wp-admin/admin-ajax.php...
CVE-2014-5201
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a goviewobject action to wp-admin/admin-ajax.php...
WordPress Plugin Gallery Objects 0.4 - SQL Injection
Exploit Title : Wordpress Gallery Objects 0.4 SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://galleryobjects.com/ Software Link : http://downloads.wordpress.org/plugin/gallery-objects.0.4.zip Dork Google: inurl:/admin-ajax.php?action=goviewobject Date : 2014-07-18 Tested o...
LogAnalyzer userchange.php 'viewid' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'viewid' parameter of the 'userchange.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a...
CVE-2012-1063
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the 1 viewId parameter to fault/AlarmView.do or 2 period parameter to showHistoryData.do...
Sql injection
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it...