PPDB version 2.4-update 6118-1 suffers from a remote blind SQL injection vulnerability.
9d523a1c4c7a1e4958bb28bea2acec5647cfe8b259c7789ee6c3b10177fbb4d5
Park Ticketing Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1273e992f54e38d81032650942cf05f0d1f6d8b4728541c4e226b2c694587317
Online Survey System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0660b2849a4e1a0328a3532eed3666413e8e50508288962d63eca364d91fe25c
Red Hat Security Advisory 2024-6428-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include denial of service, memory exhaustion, remote SQL injection, and traversal vulnerabilities.
e32ebece28e682f0d6e2ba1d7822205327b5a5e583c21260fc3117f4b4668f27
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a remote SQL injection vulnerability.
3631436bc00a5ef9505d823e81f823511bc49dc2698141fab1c6e02a8b517a74
Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2aaf65cb555486e2820ada0ce32bf28469f0c31b148f9f82386b338d41703ea5
Aplikasi Sistem Sekolah using CodeIgniter 3 versions 3.0.0 through 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fe65c787aee815dfc8b9290370fcbbbd08d7fe1dc9a91dcb691c3cd4a0a59277
Tourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
db170b3ac31a17248bfa19e67220ae00449f12c6e02e1fc5d27c5fcdf490b79a
Supply Chain Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e470a8736045692eb5cfaa7bc4e77aaa4cc7c9beb8b335abd16a1b89d107b75e
Student Record System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
65197edb9fa8815555185ffcfdef263bccbd753949a90ec711337f13c2e0c060
Online Course Registration version 1.0 suffers from a remote blind SQL injection vulnerability.
33f34004d037922833768a63f88ac2eafd52901b044b79be249240c957b80608
Webpay E-Commerce version 1.0 suffers from a remote SQL injection vulnerability.
aab9cd23f27d0b380a30652d38f6b7294616ac5ba2a2caacad04babc8614cba6
Online Job Portal IN version 1.0 suffers from a remote SQL injection vulnerability.
92218ce274c20d93f28c9b743aacda84a68675963b3607d54c3484d9218e178e
The Email Subscribers and Newsletters plugin contains an unauthenticated time-based SQL injection in versions before 4.3.1. The hash parameter is vulnerable to injection.
883d0eaca9891a011a583d7cbea23b1c7f956800de4a058033366b43cb374379
This Metasploit module will scan for hosts vulnerable to an unauthenticated SQL injection within the advanced search feature of the Web-Dorado ECommerce WD 1.2.5 and likely prior.
ce900f10acc1386276f00739f087918826cb2474bfdb669e0c939feac5f7524a
Paid Membership Pro, a WordPress plugin, prior to 2.9.8 is affected by an unauthenticated SQL injection via the code parameter. Remote attackers can exploit this vulnerability to dump usernames and password hashes from the wp_users table of the affected WordPress installation. These password hashes can then be cracked offline using tools such as Hashcat to obtain valid login credentials for the affected WordPress installation.
d01aa9df62ceaa2afa8e7303c8aaf9059424791f857f1b227c5c890811cf5457
RegistrationMagic, a WordPress plugin, prior to 5.0.1.5 is affected by an authenticated SQL injection via the task_ids parameter.
1a580e447f3469ec25a634735f3ea21fb9756b92a3c75631271cbb832da6c3fd
The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied at the server.
c40d3f2150f043263d7f5b593f87cd6eb6ed9507f109b3c2713e5d016de691c2
Secure Copy Content Protection and Content Locking, a WordPress plugin, prior to 2.8.2 is affected by an unauthenticated SQL injection via the sccp_id[] parameter. Remote attackers can exploit this vulnerability to dump usernames and password hashes from the wp_users table of the affected WordPress installation. These password hashes can then be cracked offline using tools such as Hashcat to obtain valid login credentials for the affected WordPress installation.
a16f33882a4042dbb5483766850b39941b6501b9b0173d5fdf5fb279b10a5e47
Abandoned Cart, a plugin for WordPress which extends the WooCommerce plugin, prior to 5.8.2 is affected by an unauthenticated SQL injection via the billing_first_name parameter of the save_data AJAX call. A valid wp_woocommerce_session cookie is required, which has at least one item in the cart.
80a396b232c09010cbae409cc90533d399a952a66a286c4d10fe3644a0ecc608
This Metasploit module attempts to exploit a UNION-based SQL injection in Contus Video Gallery for WordPress version 2.7 and likely prior in order to determine whether the instance is vulnerable.
957f68f976c01e80a8d26d3b9259149bd83c775d713a80530d50ce5f9cb08c4c
LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the current_items parameter of the post-new.php page.
150d41dad29f88db33ed82424ed85cc194746e3e92127751db33050409ecec61
This Metasploit module implements the mass SQL injection attack in use lately, which concatenates an HTML string to force a persistent XSS attack that redirects the user's browser to an attacker-controlled website.
66c7ad1c79601a84be4b088966757410f9c1cc2c6e3b7253cd22e3e84d90ed85
This Metasploit module will scan given instances for an unauthenticated SQL injection within the CP Multi-View Calendar plugin v1.1.4 for WordPress.
fa6f1e6bbb90332533f804d4e77a327f326adf3a7cc5346e615c88d7f2bcfa34
The Modern Events Calendar plugin contains an unauthenticated time-based SQL injection in versions before 6.1.5. The time parameter is vulnerable to injection.
982d4d258c486cd930bfa6a8ab9aa9156ad56e14deb8a20ab4d8c1bd29c21177