The exploit allows an attacker to perform SQL injection through the 'selectRole' parameter in Zabbix version 7.0.0. This vulnerability is identified as CVE-2024-42327.
The Jasmin Ransomware application is vulnerable to SQL injection, which allows an attacker to bypass authentication on the login page by inserting a specially crafted payload into the email and code fields. Entering the payload '=' 'or' in both fields gives the attacker unauthorized access to the admin panel.
An unauthenticated SQL injection vulnerability was found in KiviCare Clinic & Patient Management System (EHR) version 3.6.4. The vulnerability exists in the tax_calculated_data AJAX action, where the visit_type[service_id] parameter is insufficiently escaped, allowing attackers to execute SQL injection attacks.
The TimeProvider® 4100 Grandmaster firmware version 2.4.6 is vulnerable to SQL injection in the 'get_chart_data' web resource. The 'channelId' parameter is directly inserted into the SQL query, allowing unauthenticated attackers to manipulate queries and execute malicious SQL commands.
A SQL injection vulnerability exists in the login functionality of NEWS-BUZZ News Management System version 1.0. This vulnerability allows an attacker to manipulate the SQL query by altering the user_name parameter, potentially leading to unauthorized access to the database.
A SQL injection vulnerability was discovered in OS4Ed Open Source Information System Community version 9.1. By manipulating the 'X-Forwarded-For' header parameters in a POST request to /Ajax.php, an attacker can execute malicious SQL queries.
An authenticated SQL injection vulnerability was found in CSZCMS v1.3.0. By manipulating the 'View' button next to a username in the Member Users section, an attacker can inject malicious SQL code using the 'sleep' function. This could lead to unauthorized access to the database or execution of arbitrary SQL queries.
The 'bid' parameter in /delete.php of Code-Projects Blood Bank V1.0 is vulnerable to Out-of-Band SQL Injection. Attackers can exploit this by using Burp Collaborator to execute OOB SQL injection attacks, potentially gaining access to sensitive data.
The Open Source Medicine Ordering System v1.0 is vulnerable to SQL Injection. By exploiting this vulnerability, an attacker can extract sensitive data from the database, such as admin users' information.
OpenCart Core 4.0.2.3 is vulnerable to SQL Injection through the 'search' parameter in the URL /index.php?route=product/search&search=. Exploiting this vulnerability can lead to a potential compromise of the application, unauthorized access or modification of data, and exploitation of hidden database vulnerabilities.