This Metasploit module will exploit a SQL injection in Zabbix 3.0.3 and likely prior in order to save the current usernames and password hashes from the database to a JSON file.
2ebbd2d691dd7508785002385cab0f09585ac3584018b08791e074e76431981a
AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the insertinto parameter. This Metasploit module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.
47041a9a098122925ec54b3140188d51933adc560f06bb113f6adbbff41e40a1
This Metasploit module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcores REST API. Pimcore begins to create password hashes by concatenating a users username, the name of the application, and the users password in the format USERNAME:pimcore:PASSWORD. The resulting string is then used to generate an MD5 hash, and then that MD5 hash is used to create the final hash, which is generated using PHPs built-in password_hash function.
a1fac0dca0eb708a1348babebd5e4be27016a27680c8d2967d94171f313a98ca
This Metasploit module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from the database.
668d40628faf73dd32554ae84c36e46a6ae67a8a8d4b003f7fec6bd01f8d03a0
This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This Metasploit module can be used to extract the web applications usernames and hashes, which could be used to authenticate into the vBulletin admin control panel.
9953eec6fb67362ca052bf437373a2bec59f84c7bb8d3f92c3865a42e0402bf8
This Metasploit module exploits a stacked SQL injection in order to add an administrator user to the SolarWinds Orion database.
093acbf207ec9ea4bf6637a74dfccd18178c65093dbf4078f9c5d6f9416237f6
Joomla versions 3.2.2 and below are vulnerable to an unauthenticated SQL injection which allows an attacker to access the database or read arbitrary files as the mysql user. This Metasploit module will only work if the mysql user Joomla is using to access the database has the LOAD_FILE permission.
e4f0efe9190cb160490dfa35a3813627e3c34903da6ee95ecf2826d34ac1a7b8
This Metasploit module can exploit NoSQL injections on MongoDB versions less than 2.4 and enumerate the collections available in the data via boolean injections.
23d57b4a76867f69c9b2084cf4f1230f9ee16bbfab1ca8236fb783e1ca3485e3
Progress Software WhatsUp Gold versions prior to 2024.0.0 suffer from a remote SQL injection vulnerability.
d2643d3ed23cb223e7dc521c6848e801ebb910bcdd26246c0e58de40bcbd3c44
File Management System version 1.0 suffers from a remote SQL injection vulnerability.
84d5093da25f3b74750013b5d2574ef53e8e965cf254aa1de6a7c732b13475ff
Red Hat Security Advisory 2024-5856-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
ea36a11f364c1db6f9484d33a2e95c47d8f1805c6c7b8b0a3240836892eac85d
Medical Center Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
4d30a67a0ab94c8ceed55ef0165e2eedf1d276131b5341cfc581bf2954c04b02
Marc@TMS CMS version 1.0 suffers from a remote SQL injection vulnerability.
7ce945e9ee9f63f544cbc47b68b4b3e53cc949f2005470d47eb077108c13828c
Login System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6246efe507f796ffbcf438b89a4e64415367c7c634bcb20d80f59a253f813619
Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ed75910910f3f594bf680ca801e599334e60fa3ca166470f03bfa31c27d4c6c4
Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
48f74abd4ae2b0a4eefcbc41869e56c73b5b26ad8ea6f55bc7ef2939ebb312a7
DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8e871e7f49c2379860d7b67c7b6819a9dfb93577e9139f8863c582714f30982a
School Log Management System version 1.0 suffers from a WYSIWYG code injection vulnerability.
8ecbd78cc0fd66ac18a830457819fd7e6bc3280127a89e27f97777b39eda5335
Simple College Website version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.
87a1f018cc026cf0415cd9dc7a48aea9bae4864d8fd6cadcb7d274baaacf9e4b
Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a3ae790e1f332d8ff787915e2feb853d7c3e614aeaea67361861ea7d18bb27df
Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
25d183ad1ab808d8eb37c605403875c32f55a1eb9742ca2f0a1e77e0b7ce0951
CCMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
de9151d5ff302677fb5da77053693b392b8644cb6845abb56a920fd62a7f579c
Biobook Social Networking Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fa0e4caf860abda8bbabc5103e38c78e393907f876e4a4b9d5dd3cb7513396cf
This Metasploit module exploit a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM.
bc4decf9aef605b2aae1085d9e9000478f002049033c464b464f96b76bc2de05
AVMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
44299386859b222bfbf61e5b31081de5872353d1be32639a637563ae9c557c3f