RosarioSIS 7.6 contains a SQL injection vulnerability in the 'votes' parameter. By manipulating the 'votes' parameter in the POST request, an attacker can inject malicious SQL queries. This can lead to unauthorized access to the database, data manipulation, and potentially further exploitation of the system. This vulnerability has been assigned the CVE identifier CVE-2021-44567.
The ABB Cylon Aspect 3.08.03 BMS/BAS controller is vulnerable to SQL injection through the 'key' and 'user' parameters, which are not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized access to the database or execution of arbitrary SQL commands.
The Slider & Popup Builder by Depicter plugin for WordPress, up to and including version 3.6.1, is vulnerable to SQL injection through the 's' parameter. Because the parameter is neither properly validated nor escaped, attackers can append additional SQL queries to extract sensitive data from the database.
The Smart Manager plugin version 8.27.0 is vulnerable to a post-authentication SQL injection caused by improper sanitization of input parameters. Attackers with high privileges, such as administrators, can exploit this issue by manipulating the 'sort_params%5BsortOrder%5D' and 'sort_params%5Bcolumn%5D' parameters sent to the admin AJAX endpoint (/wp-admin/admin-ajax.php). Injected SQL is executed by the backend, and the issue manifests as a time-based SQL injection vulnerability.
PandoraFMS version 7.0NG.772 is vulnerable to SQL injection. By manipulating certain parameters, an attacker can inject malicious SQL queries, potentially gaining unauthorized access to the database. This vulnerability has been assigned CVE-2023-44088.
Gnuboard5 version 5.3.2.8 allows an attacker to execute arbitrary SQL queries through the 'mysql_user', 'mysql_pass', 'mysql_db', and 'table_prefix' parameters of the 'install_db.php' script, leading to unauthorized access to the database. The injected SQL can be used to manipulate the application's queries, potentially resulting in data leakage, modification, or deletion. The CVE associated with this vulnerability is CVE-2020-18662.
Feng Office version 3.11.1.2 is vulnerable to SQL injection through the 'dim' parameter value in an HTTP GET request. Using tools like SQLMap, an attacker can automate the injection process to access or manipulate the database.
The Xinet Elegant 6 Asset Library version 6.1.655 is vulnerable to pre-authentication SQL injection. An attacker can exploit this vulnerability by manipulating the 'LoginForm[username]' parameter to dump tables, usernames, and passwords.
Jasmin Ransomware's web panel allows authenticated users to download arbitrary files due to a SQL Injection vulnerability, potentially leading to unauthorized access to sensitive data. This vulnerability has been assigned CVE-2025-XXXXX.
The Pimcore Customer Data Framework version 4.2.0 is vulnerable to SQL injection. An attacker can exploit this by manipulating input fields to inject SQL queries, potentially gaining unauthorized access to the database.