Mehmet EMIROGLU

41 exploits Active since May 2019
CVE-2019-25699 EXPLOITDB HIGH text WORKING POC
Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.
CVSS 7.1
CVE-2019-25704 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via filter_user_mail
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.
CVSS 8.2
CVE-2019-25702 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via id_project Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data.
CVSS 8.2
CVE-2019-25700 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via sort_direction Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data.
CVSS 8.2
CVE-2019-25698 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via id_to_delete Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information.
CVSS 8.2
CVE-2019-25696 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via language_tag Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data.
CVSS 8.2
CVE-2019-25694 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via user2reset
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modify data.
CVSS 8.2
CVE-2019-25692 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via id_to_modify Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data.
CVSS 8.2
CVE-2019-25690 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via mng_profile_id
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information.
CVSS 8.2
CVE-2019-25688 EXPLOITDB HIGH text WORKING POC
Kados R10 GreenBee SQL Injection via menu_lev1 Parameter
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents.
CVSS 8.2
CVE-2019-25684 EXPLOITDB HIGH text WORKING POC
OpenDocMan 1.3.4 SQL Injection via where Parameter
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information.
CVSS 8.2
CVE-2019-25664 EXPLOITDB HIGH text WORKING POC
SuiteCRM 7.10.7 SQL Injection via record Parameter
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to extract sensitive database information through time-based blind SQL injection techniques.
CVSS 7.1
CVE-2019-25663 EXPLOITDB HIGH text WORKING POC
SuiteCRM 7.10.7 SQL Injection via parentTab Parameter
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection techniques to extract sensitive database information.
CVSS 7.1
CVE-2019-25672 EXPLOITDB HIGH text WORKING POC
PilusCart 1.4.1 SQL Injection via send Parameter
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.
CVSS 8.2
CVE-2019-25669 EXPLOITDB HIGH text WORKING POC
qdPM 9.1 SQL Injection via search_by_extrafields Parameter
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] parameter. Attackers can send POST requests to the users endpoint with malicious search_by_extrafields[] values to trigger SQL syntax errors and extract database information.
CVSS 8.2
CVE-2019-25643 EXPLOITDB HIGH text WORKING POC
eNdonesia Portal v8.7 SQL Injection via banners.php
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables.
CVSS 8.2
CVE-2019-25539 EXPLOITDB HIGH text WORKING POC
202CMS v10 beta - Unauthenticated Blind SQL Injection via log_user Parameter
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information.
CVSS 8.2
CVE-2019-25538 EXPLOITDB HIGH text WORKING POC
202CMS v10 beta - Unauthenticated SQL Injection via log_user Parameter
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send crafted requests with malicious SQL statements in the log_user field to extract sensitive database information or modify database contents.
CVSS 8.2
CVE-2019-25486 EXPLOITDB HIGH text WORKING POC
Varient 1.6.1 - Unauthenticated SQL Injection via user_id Parameter
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensitive database information.
CVSS 8.2
CVE-2019-25497 EXPLOITDB HIGH text WORKING POC
osCommerce < 2.3.4.1 - Unauthenticated SQL Injection via Currency Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information.
CVSS 8.2
CVE-2019-25496 EXPLOITDB HIGH text WORKING POC
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via products_id Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information.
CVSS 8.2
CVE-2019-25495 EXPLOITDB HIGH text WORKING POC
osCommerce 2.3.4.1 - Unauthenticated SQL Injection via reviews_id Parameter
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.
CVSS 8.2
EIP-2026-114369 EXPLOITDB text WORKING POC
WorkSuite PRM 2.4 - 'password' SQL Injection
CVE-2019-8404 EXPLOITDB MEDIUM text WRITEUP
Webiness Inventory 2.3 - Arbitrary File Upload via Product Image
An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.
CVSS 6.5
EIP-2026-113314 EXPLOITDB text WORKING POC
Webiness Inventory 2.3 - 'email' SQL Injection