8.8
CVE-2019-25536 - Netartmedia PHP Real Estate Agency 4.0 SQL Injection via features parameter
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the featuresโฆ
8.8
CVE-2019-25535 - Netartmedia PHP Dating Site SQL Injection via loginaction.php
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field toโฆ
8.8
CVE-2019-25534 - Netartmedia PHP Car Dealer SQL Injection via features parameter
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features[] parametโฆ
8.8
CVE-2019-25533 - Netartmedia PHP Business Directory 4.2 SQL Injection via loginaction.php
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the Emโฆ
8.8
CVE-2019-25532 - Netartmedia Jobs Portal 6.1 SQL Injection via loginaction.php
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract senโฆ
8.8
CVE-2019-25531 - Netartmedia Deals Portal Lastest SQL Injection via loginaction.php
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication โฆ
8.8
CVE-2019-25530 - uHotelBooking System Lastest SQL Injection via system_page Parameter
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers can send crafted requests to index.php with malicious system_page values using time-based blind SQโฆ
7.1
CVE-2019-25529 - Placeto CMS Alpha rv.4 SQL Injection via page Parameter
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based blindโฆ
8.8
CVE-2019-25528 - Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloadโฆ
8.8
CVE-2019-25527 - Inout EasyRooms Ultimate Edition v1.0 SQL Injection via searchdetailed
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloadsโฆ