Mehmet Emiroglu

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search by extrafields[] parameter. Attackers can send POST requests to the users endpoint with malicious search by extrafields[] values to trigger SQL syntax errors and extract database information.

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to extract sensitive database information.

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information.

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng profile id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng profile id parameter to extract sensitive database information.

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id to modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id to modify field to extract sensitive database information or modify data.

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modify data.

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language tag parameter. Attackers can submit malicious SQL statements in the language tag parameter to extract sensitive database information or modify data.

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id to delete parameter. Attackers can send crafted requests with malicious SQL statements in the id to delete field to extract or modify sensitive database information.

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort direction parameter. Attackers can submit malicious SQL statements in the sort direction parameter to extract sensitive database information or modify data.

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id project parameter. Attackers can send crafted requests with malicious SQL statements in the id project parameter to extract sensitive database information or modify data.

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter user mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data.

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection techniques to extract sensitive database information.

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to extract sensitive database information through time-based blind SQL injection techniques.

**Name of the Vulnerable Software and Affected Versions** eNdonesia Portal version 8.7 **Description** Unauthenticated attackers can execute arbitrary SQL queries by injecting malicious code through the `bid` parameter. This is achieved by sending GET requests to the 'banners.php' endpoint with crafted SQL payloads to extract sensitive database information from the INFORMATION SCHEMA tables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Varient version 1.6.1 **Description** An SQL injection issue exists that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the `user id` parameter. Attackers can send POST requests with crafted SQL payloads in the `user id` field to bypass authentication and extract sensitive database information. The vulnerable API endpoint accepts POST requests with the `user id` parameter. **Recommendations** Apply a fix for Varient version 1.6.1.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The software contains a SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the `reviews id` parameter. By sending GET requests to the ''product reviews write.php'' endpoint with malicious `reviews id` values using boolean-based SQL injection payloads, attackers can extract sensitive database information. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the ''product reviews write.php'' endpoint. Sanitize the `reviews id` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The software contains a SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the `products id` parameter. Specifically, modifying the `products id` value in requests to the 'product info.php' resource and appending boolean-based SQL injection payloads allows extraction of sensitive database information. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `products id` parameter in 'product info.php' requests to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.3.4.1 **Description** The software contains a SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the `currency` parameter. By sending GET requests to the ''shopping cart.php'' endpoint with malicious `currency` values using boolean-based SQL injection payloads, attackers can extract sensitive database information. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the ''shopping cart.php'' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HotelDruid version 2.3.0 **Description** The issue affects the `nsextt`, `cambia1`, `mese fine`, `origine`, and `anno` parameters in several PHP files, including `creaprezzi.php`, `tabella3.php`, `personalizza.php`, and `visualizza tabelle.php`, allowing for XSS exploitation. **Recommendations** For HotelDruid version 2.3.0, consider restricting access to the affected PHP files until a patch is available. As a temporary workaround, avoid using the `nsextt`, `cambia1`, `mese fine`, `origine`, and `anno` parameters in the affected API endpoints until the issue is resolved.