Lucene search
K

216516 matches found

Nuclei
Nuclei
added 9 hours ago34 views

WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection

WordPress Visitor Statistics Real Time Traffic plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. id: CVE-2021-247...

8.8CVSS7.3AI score0.38298EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago29 views

Rosario Student Information System Unauthenticated SQL Injection

An unauthenticated SQL injection vulnerability in Rosario Student Information System aka rosariosis 8.1 and below allow remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter. id: CVE-2021-44427 info: name: Rosario...

9.8CVSS7.5AI score0.50641EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago25 views

WordPress Car Seller - Auto Classifieds Script - SQL Injection

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL injection...

9.8CVSS7.4AI score0.14697EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago31 views

MetInfo 7.0.0 beta - SQL Injection

MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=languagegeneral&a=doSearchParameter appno parameter a different issue than CVE-2019-16997. id: CVE-2019-17418 info: name: MetInfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description: | MetInfo...

7.2CVSS7.1AI score0.49299EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago17 views

PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...

9.8CVSS6.8AI score0.15652EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago32 views

74cms - ajax_officebuilding.php SQL Injection

A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajaxofficebuilding.php. id: CVE-2020-22210 info: name: 74cms - ajaxofficebuilding.php SQL Injection author: ritikchaddha severity: critical description: | A SQL injection vulnerability exists in 74cms 3.2.0 via the x...

9.8CVSS6.9AI score0.08579EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago25 views

Metinfo 7.0.0 beta - SQL Injection

Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/languagegeneral.class.php via the admin/?n=language&c=languagegeneral&a=doExportPack appno parameter. id: CVE-2019-16997 info: name: Metinfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description:...

7.2CVSS7.1AI score0.49398EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago17 views

WordPress zm-gallery plugin 1.0 SQL Injection

zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. id: CVE-2016-10940 info: name: WordPress zm-gallery plugin 1.0 SQL Injection author: cckuailong,daffainfo severity: high description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection vi...

7.2CVSS7.1AI score0.05523EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago49 views

Adminer <=4.8.0 - Cross-Site Scripting

Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a pdo extension to communicate with the database it is used if the native extensions are not enabled. id: CVE-2021-29625 info:...

7.5CVSS6.6AI score0.09572EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago192 views

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...

7.5CVSS7.3AI score0.17227EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago56 views

Subrion CMS <4.1.5.10 - SQL Injection

Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $GET array. id: CVE-2017-11444 info: name: Subrion CMS 4.1.5.10 - SQL Injection author: dwisiswant0 severity: critical description: "Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in...

9.8CVSS7.4AI score0.13098EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago27 views

Joomla! Component Canteen 1.0 - Local File Inclusion

A SQL injection vulnerability in menu.php in the Canteen comcanteen component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. id: CVE-2010-4977 info: name: Joomla! Component Canteen 1.0 - Local File Inclusion author: daffainfo...

7.5CVSS6.1AI score0.15251EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago28 views

IBAX - SQL Injection

IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute...

8.8CVSS7.1AI score0.02241EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago14 views

FlipperCode Custom CSS, JS & PHP <= 2.0.7 - Remote Code Execution

Custom css-js-php WordPress plugin through 2.0.7 contains a command injection caused by unsanitized user input used in SQL query and passed to eval, letting unauthenticated attackers execute arbitrary PHP code on the server. id: CVE-2026-6433 info: name: FlipperCode Custom CSS, JS & PHP = 2.0.7 -...

7.3CVSS6.2AI score0.00753EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago8 views

WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

7.5CVSS5.8AI score0.01383EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago30 views

WordPress RSVPMaker <=9.3.2 - SQL Injection

WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in /rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.8CVSS7.3AI score0.12003EPSS
Exploits3References5
Nuclei
Nuclei
added 9 hours ago29 views

Good Layers LMS Plugin <= 2.1.4 - SQL Injection

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS7.4AI score0.1064EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago44 views

ZEROF Web Server 1.0 - SQL Injection

ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent endpoint for the login page. id: CVE-2021-30175 info: name: ZEROF Web Server 1.0 - SQL Injection author: edoardottt severity: critical description: | ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent...

9.8CVSS7.4AI score0.08548EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago34 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

7.2CVSS7.2AI score0.03745EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago52 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS7.4AI score0.12394EPSS
Exploits3References3
Rows per page
Query Builder