Ahmet Ümit BAYRAM

106 exploits Active since Jun 2019
CVE-2019-25642 EXPLOITDB HIGH text WORKING POC
Bootstrapy CMS Lastest Multiple SQL Injection via Forum and Contact Modules
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter to extract sensitive database information or cause denial of service.
CVSS 8.2
CVE-2019-25641 EXPLOITDB HIGH text WORKING POC
Netartmedia Vlog System Lastest SQL Injection via email Parameter
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_password module to extract sensitive database information.
CVSS 8.2
CVE-2019-25640 EXPLOITDB HIGH text WORKING POC
Inout Article Base CMS Lastest SQL Injection via portalLogin.php
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information or cause denial of service through time-based attacks.
CVSS 8.2
CVE-2019-25639 EXPLOITDB HIGH text WORKING POC
Matrimony Website Script M-Plus Multiple SQL Injection
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands.
CVSS 8.2
CVE-2019-25638 EXPLOITDB HIGH text WORKING POC
Meeplace Business Review Script Lastest SQL Injection via addclick.php
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service.
CVSS 7.1
CVE-2019-25636 EXPLOITDB HIGH text WORKING POC
Zeeways Jobsite CMS Lastest SQL Injection via id Parameter
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information.
CVSS 8.2
CVE-2019-25635 EXPLOITDB HIGH text WORKING POC
Zeeways Matrimony CMS Lastest SQL Injection via profile_list
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques.
CVSS 8.2
CVE-2019-25543 EXPLOITDB HIGH text WORKING POC
Netartmedia Real Estate Portal 5.0 - SQL Injection
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass authentication, extract sensitive data, or modify database contents.
CVSS 8.2
CVE-2019-25542 EXPLOITDB HIGH text WORKING POC
Netartmedia Real Estate Portal 5.0 - SQL Injection
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Attackers can send POST requests to index.php with malicious payloads in the user_email field to bypass authentication, extract sensitive data, or modify database contents.
CVSS 8.2
CVE-2019-25541 EXPLOITDB HIGH text WORKING POC
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in loginaction.php to extract sensitive database information.
CVSS 8.2
CVE-2019-25540 EXPLOITDB HIGH text WORKING POC
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information including user credentials and system data.
CVSS 8.2
CVE-2019-25537 EXPLOITDB HIGH text WORKING POC
Netartmedia Event Portal 2.0 - SQL Injection
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email field to extract sensitive database information.
CVSS 8.2
CVE-2019-25536 EXPLOITDB HIGH text WORKING POC
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
CVSS 8.2
CVE-2019-25535 EXPLOITDB HIGH text WORKING POC
Netartmedia PHP Dating Site - SQL Injection
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field to extract sensitive database information.
CVSS 8.2
CVE-2019-25534 EXPLOITDB HIGH text WORKING POC
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries.
CVSS 8.2
CVE-2019-25533 EXPLOITDB HIGH text WORKING POC
Netartmedia PHP Business Directory 4.2 - SQL Injection
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
CVSS 8.2
CVE-2019-25532 EXPLOITDB HIGH text WORKING POC
Netartmedia Jobs Portal 6.1 - SQL Injection
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract sensitive database information or bypass authentication.
CVSS 8.2
CVE-2019-25531 EXPLOITDB HIGH text WORKING POC
Netartmedia Deals Portal - SQL Injection
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.
CVSS 8.2
CVE-2019-25530 EXPLOITDB HIGH text WORKING POC
uHotelBooking System - SQL Injection
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQL injection techniques to extract sensitive database information.
CVSS 8.2
CVE-2019-25528 EXPLOITDB HIGH text WORKING POC
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract sensitive data or modify database contents.
CVSS 8.2
CVE-2019-25527 EXPLOITDB HIGH text WORKING POC
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.
CVSS 8.2
CVE-2019-25526 EXPLOITDB HIGH text WORKING POC
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads in the location field to extract sensitive data or modify database contents.
CVSS 8.2
CVE-2019-25525 EXPLOITDB HIGH text WORKING POC
Inout EasyRooms Ultimate 1.0 - SQL Injection
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.
CVSS 8.2
CVE-2019-25524 EXPLOITDB HIGH text WORKING POC
XooGallery Latest - SQL Injection
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data, or modify database contents.
CVSS 8.2
CVE-2019-25523 EXPLOITDB HIGH text WORKING POC
XooGallery Latest - SQL Injection
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to cat.php with malicious cat_id values to bypass authentication, extract sensitive data, or modify database contents.
CVSS 8.2