PHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability.
72d88bfd629409e56ac9c276b3ce34ecVoting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Syed Sheeraz Ali in May of 2021.
8afb5f8641ff27243de8d79704ae5532b2evolution version 7-2-2 suffers from a remote SQL injection vulnerability.
1ced09b619490337be3ea86e23221667jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
d6a21f297789ddb400c5d81f48b8bf81sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
2423575bab9b29b2cb5a2f5b97d36e86Gadget Works Online Ordering System version 1.0 remote SQL injection to remote code execution exploit.
54fabd3d8fd2ef1bf66e8982e1447134Gadget Works Online Ordering System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a2eaa3a011a8f97e9215605c8c9e6fb1Voting System version 1.0 suffers from remote time-based SQL injection vulnerability.
592c7f356d721b7a151d210a4283ade6Piwigo version 11.3.0 suffers from a remote SQL injection vulnerability.
cba9d727369383b51aead53353eaaf3bCacti version 1.2.12 remote code execution exploit that leverages a remote SQL vulnerability.
7d02b8eae5a01a746cf44cba4c1fe1a3SEO Panel version 4.8.0 remote blind SQL injection exploit. Original discovery in this version is attributed to Piyush Patil in February of 2021.
4b18d3433a071c4d3f98f08f8abcd113Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.
ce95bb6aee806602e2a432244244b16aRed Hat Security Advisory 2021-1313-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include double free, information leakage, and remote SQL injection vulnerabilities.
52c06a50249502d87081f9b0b7701eafThis Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it, the command injection provides a no disk write method which is more stealthy. Cockpit CMS versions 0.10.0 through 0.11.1, inclusive, contain all the necessary vulnerabilities for exploitation.
02bc0b645077ffa131dc1c08b1a388bfFast PHP Chat version 1.3 suffers from a remote SQL injection vulnerability.
a327483a86ab5acaf1b709b62d3c730dCITSmart ITSM version 9.1.2.27 suffers from a remote time-based blind SQL injection vulnerability.
3d24d2282ef6f774e3ec4558ad1409d1Digital Crime Report Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0caf2f815b9b8bcfabd56d4dce51e40cBlitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
03d4e059484374b7780a14a295e4a837Simple Student Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
bfec25b7957828dbd5331e19f7c20a6fPrestaShop version 1.7.6.7 suffers from a remote blind SQL injection vulnerability.
c954154779fef04ad61ce904511a42b9OpenEMR version 4.1.0 remote SQL Injection exploit.
14553fa83810666e04f61e897a4946f0Basic Shopping Cart version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
684b20a18d440d8bc427b515567526b1Simple Food Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ffc6348caa12b6063100db21ba4f2bc3sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
44cb9c378cd0433ae18b4bcf97cabeddSchool Registration and Fee System version 1.0 suffers from a remote blind SQL injection vulnerability.
e7d2ffd603c7340148e78206e9763d13
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed