Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blind sql injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-5643
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Lussumo Vanilla
1 EDB exploit
7.5
CVSSv2
CVE-2009-4436
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote malicious users to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.
Activewebsoftwares Ewebquiz 8.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-1591
The pnVarPrepForStore function in PostNuke 0.764 and previous versions skips input sanitization when magic_quotes_runtime is enabled, which allows remote malicious users to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables...
Postnuke Postnuke
1 EDB exploit
7.5
CVSSv2
CVE-2009-3503
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
Bpowerhouse Bpholidaylettings 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2010-4913
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote malicious users to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information.
Coldgen Coldusergroup 1.06
1 EDB exploit
7.5
CVSSv2
CVE-2008-2770
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the entry_id parameter.
Mycrocms Mycrocms 0.5
1 EDB exploit
7.5
CVSSv2
CVE-2007-6622
SQL injection vulnerability in security.php in ZeusCMS 0.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the Referer HTTP header.
Zeuscms Zeuscms
1 EDB exploit
5
CVSSv2
CVE-2007-6623
Absolute path traversal vulnerability in ZeusCMS 0.3 and previous versions might allow remote malicious users to list arbitrary directories via a full pathname in the dir parameter.
Zeuscms Zeuscms
1 EDB exploit
7.5
CVSSv2
CVE-2014-100003
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
Yourmembers Project Yourmembers -
1 EDB exploit
6.8
CVSSv2
CVE-2008-6146
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
Deluxebb Deluxebb
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb 1.08
Deluxebb Deluxebb 1.1
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.06
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »