
blockisec/PoCs
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | 9.8 CRITICAL | — | Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. |
| | | 9.8 CRITICAL | 7.5 HIGH | dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. |
| | | 9.8 CRITICAL | 7.5 HIGH | dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. |
| | | 9.8 CRITICAL | 7.5 HIGH | dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. |
| | | 8.8 HIGH | 6.5 MEDIUM | In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. |
| | | 9.8 CRITICAL | 7.5 HIGH | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. |
| | | 9.8 CRITICAL | 7.5 HIGH | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. |
| | | 9.8 CRITICAL | 7.5 HIGH | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. |
| | | 5.4 MEDIUM | 3.5 LOW | A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. |
| | | 9.8 CRITICAL | 7.5 HIGH | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. |