Unified Office Total Connect Now version 1.0 suffers from a remote SQL injection vulnerability.
da2163d25a6ee8709e8be515ad7c68f3Teachers Record Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. This report has additional payloads although the original discovery of SQL injection in this version is attributed to gh1mau in July of 2020.
c314128513b4635d95f6eb1300df19b2Client Management System version 1.1 suffers from a remote SQL injection vulnerability.
b2a0f5124d38d078542b920ab171f2b8Small CRM version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
db23fe4e0c0ca0781c56faea3495fa6fStock Management System version 1.0 suffers from a remote blind SQL injection vulnerability. This is a variant to the original discovery of SQL injection in this version discovered in August of 2020 by hyd3sec.
7376bc754717fdc360514061972934e0Grocery Crud version 1.6.4 suffers from a remote SQL injection vulnerability.
2b5a21c387278066f023f18e33bf8187Zenario CMS version 8.8.52729 suffers from authenticated blind and error-based remote SQL injection vulnerabilities.
0ee6dd40446d677f5dd4f62fa0884b24Student Result Management System version 1.0 remote SQL injection exploit. This is a variant of the original discovery of SQL injection in this version by Ritesh Gohil.
58539cc8cbacde28a5803e28aa8a5cf9sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
5d549a9d48f57591c03e5e02ad82cd9fCOVID-19 Testing Management System version 1.0 remote SQL injection exploit based upon the original discovery by Rohit Burke in May of 2021.
12bc9bc3329a4bc99a1d6ad5f44b6f45Rocket.Chat version 3.12.1 unauthenticated NoSQL injection to remote code execution exploit.
1d488a4a23cebcb6cf88668c84de24c7Local Service Search Engine Management System version 1.0 remote SQL injection exploit that leverages the original discovery by Aditya Wakhlu in December of 2020.
76768d3ec18eaeb66f7b8b892054d4a3This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload. After calling the payload, the value is reset.
96f2d2ce45330fd71491a45ad435fbe4WordPress WP Statistics plugin versions 13.0 to 13.0.7 suffer from a remote unauthenticated blind SQL injection vulnerability.
f55763934154541b757f351038c0e96dRed Hat Security Advisory 2021-2039-01 - This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes. Issues addressed include XML injection and remote SQL injection vulnerabilities.
a7f2b920bee53e427f11e78f85418989In4Suit ERP version 3.2.74.1370 suffers from a remote SQL injection vulnerability.
631db13ab8c6191f9561ffd9735c6f99COVID19 Testing Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a5e373fba80ab6c8d5178ece6d4685ffEgavilanMedia PHPCRUD version 1.0 suffers from a remote SQL injection vulnerability.
1f7d692db78a547cdcca9b8720f06f81Printable Staff ID Card Creator System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
4490bd349a0b50e4d7488c7b344af3e9Billing Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Pintu Solanki in February of 2021.
6a43b4ac7bf852e7431dafc25e456f64Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.
590039c72fd98d00add5038df52eb7a0Customer Relationship Management (CRM) System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
df2f1ca3c4905b571716bcf98058482cHexagon G!nius Auskunftsportal versions prior to 5.0.0.0 suffer from a remote SQL injection vulnerability.
d6dd0935d69c6151673cc0768d99190aERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.
6c329df5e9d8646f43166acb54002a9bPHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability.
72d88bfd629409e56ac9c276b3ce34ec
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed