PPDB version 2.4-update 6118-1 suffers from a remote blind SQL injection vulnerability.
9d523a1c4c7a1e4958bb28bea2acec5647cfe8b259c7789ee6c3b10177fbb4d5Park Ticketing Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1273e992f54e38d81032650942cf05f0d1f6d8b4728541c4e226b2c694587317Online Survey System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0660b2849a4e1a0328a3532eed3666413e8e50508288962d63eca364d91fe25cRed Hat Security Advisory 2024-6428-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include denial of service, memory exhaustion, remote SQL injection, and traversal vulnerabilities.
e32ebece28e682f0d6e2ba1d7822205327b5a5e583c21260fc3117f4b4668f27C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a remote SQL injection vulnerability.
3631436bc00a5ef9505d823e81f823511bc49dc2698141fab1c6e02a8b517a74Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2aaf65cb555486e2820ada0ce32bf28469f0c31b148f9f82386b338d41703ea5Aplikasi Sistem Sekolah using CodeIgniter 3 versions 3.0.0 through 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fe65c787aee815dfc8b9290370fcbbbd08d7fe1dc9a91dcb691c3cd4a0a59277Tourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
db170b3ac31a17248bfa19e67220ae00449f12c6e02e1fc5d27c5fcdf490b79aSupply Chain Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e470a8736045692eb5cfaa7bc4e77aaa4cc7c9beb8b335abd16a1b89d107b75eStudent Record System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
65197edb9fa8815555185ffcfdef263bccbd753949a90ec711337f13c2e0c060Online Course Registration version 1.0 suffers from a remote blind SQL injection vulnerability.
33f34004d037922833768a63f88ac2eafd52901b044b79be249240c957b80608Webpay E-Commerce version 1.0 suffers from a remote SQL injection vulnerability.
aab9cd23f27d0b380a30652d38f6b7294616ac5ba2a2caacad04babc8614cba6Online Job Portal IN version 1.0 suffers from a remote SQL injection vulnerability.
92218ce274c20d93f28c9b743aacda84a68675963b3607d54c3484d9218e178eEmail Subscribers and Newsletters plugin contains an unauthenticated timebased SQL injection in versions before 4.3.1. The hash parameter is vulnerable to injection.
883d0eaca9891a011a583d7cbea23b1c7f956800de4a058033366b43cb374379This Metasploit module will scan for hosts vulnerable to an unauthenticated SQL injection within the advanced search feature of the Web-Dorado ECommerce WD 1.2.5 and likely prior.
ce900f10acc1386276f00739f087918826cb2474bfdb669e0c939feac5f7524aPaid Membership Pro, a WordPress plugin, prior to 2.9.8 is affected by an unauthenticated SQL injection via the code parameter. Remote attackers can exploit this vulnerability to dump usernames and password hashes from the wp_users table of the affected WordPress installation. These password hashes can then be cracked offline using tools such as Hashcat to obtain valid login credentials for the affected WordPress installation.
d01aa9df62ceaa2afa8e7303c8aaf9059424791f857f1b227c5c890811cf5457RegistrationMagic, a WordPress plugin, prior to 5.0.1.5 is affected by an authenticated SQL injection via the task_ids parameter.
1a580e447f3469ec25a634735f3ea21fb9756b92a3c75631271cbb832da6c3fdThe iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied at the server.
c40d3f2150f043263d7f5b593f87cd6eb6ed9507f109b3c2713e5d016de691c2Secure Copy Content Protection and Content Locking, a WordPress plugin, prior to 2.8.2 is affected by an unauthenticated SQL injection via the sccp_id[] parameter. Remote attackers can exploit this vulnerability to dump usernames and password hashes from thewp_users table of the affected WordPress installation. These password hashes can then be cracked offline using tools such as Hashcat to obtain valid login credentials for the affected WordPress installation.
a16f33882a4042dbb5483766850b39941b6501b9b0173d5fdf5fb279b10a5e47Abandoned Cart, a plugin for WordPress which extends the WooCommerce plugin, prior to 5.8.2 is affected by an unauthenticated SQL injection via the billing_first_name parameter of the save_data AJAX call. A valid wp_woocommerce_session cookie is required, which has at least one item in the cart.
80a396b232c09010cbae409cc90533d399a952a66a286c4d10fe3644a0ecc608This Metasploit module attempts to exploit a UNION-based SQL injection in Contus Video Gallery for Wordpress version 2.7 and likely prior in order if the instance is vulnerable.
957f68f976c01e80a8d26d3b9259149bd83c775d713a80530d50ce5f9cb08c4cLearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the current_items parameter of the post-new.php page.
150d41dad29f88db33ed82424ed85cc194746e3e92127751db33050409ecec61This Metasploit module implements the mass SQL injection attack in use lately by concatenation of HTML string that forces a persistent XSS attack to redirect user browser to an attacker controller website.
66c7ad1c79601a84be4b088966757410f9c1cc2c6e3b7253cd22e3e84d90ed85This Metasploit module will scan given instances for an unauthenticated SQL injection within the CP Multi-View Calendar plugin v1.1.4 for Wordpress.
fa6f1e6bbb90332533f804d4e77a327f326adf3a7cc5346e615c88d7f2bcfa34Modern Events Calendar plugin contains an unauthenticated timebased SQL injection in versions before 6.1.5. The time parameter is vulnerable to injection.
982d4d258c486cd930bfa6a8ab9aa9156ad56e14deb8a20ab4d8c1bd29c21177
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed