Organizer Security Vulnerabilities

CVE-2023-38513

Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through...

CVE-2015-10034

A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue....

CVE-2021-24890

The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a...

CVE-2022-30998

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at...

CVE-2020-24144

Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move...

CVE-2019-9908

The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id...

CVE-2012-6511

Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to...

CVE-2012-6512

The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8)...

CVE-2010-4982

SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1...

CVE-2008-7181

Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to...

CVE-2008-6700

Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter...

CVE-2008-6311

SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE...

CVE-2008-6328

SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id...

CVE-2006-6245

Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified...

CVE-2006-6246

Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and...

CVE-2006-5237

SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified...

CVE-2006-5238

Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack...