1767 matches found
CVE-2019-25640
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...
CVE-2019-25640
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...
CVE-2019-25575
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...
CVE-2019-25575
CVE-2019-25575 affects SimplePress CMS 1.0.7. The vulnerability is an SQL injection in the web app that permits unauthenticated attackers to craft GET requests via the p and s parameters to execute arbitrary SQL. Impact per sources includes extraction of sensitive data such as usernames, database...
Sourceforge SimplePress CMS SQL注入漏洞
SourceForge SimplePress CMS is an open-source content management system developed by SourceForge. Version 1.0.7 of SourceForge SimplePress CMS has a SQL injection vulnerability. This vulnerability stems from the presence of SQL injections in the p and s parameters, which could allow unauthenticat...
EUVD-2026-12783
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...
CVE-2026-3512
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...
WordPress Writeprint Stylometry plugin <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter vulnerability
Reflected Cross-Site Scripting via 'p' Parameter vulnerability discovered by johska in WordPress Plugin Writeprint Stylometry versions = 0.1...
CVE-2026-3512 Writeprint Stylometry <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...
CVE-2026-3512
The CVE-2026-3512 entry concerns the Writeprint Stylometry WordPress plugin (versions up to 0.1). The issue is a Reflected Cross-Site Scripting vulnerability in the function bjl_wprintstylo_comments_nav(), where the plugin directly outputs the GET parameter $_GET['p'] into an HTML href attribute ...
CVE-2026-3512 Writeprint Stylometry <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...
PT-2026-26030
The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl wprintstylo comments nav function. The function directly...
WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by John P in WordPress Theme Education Zone versions = 1.3.8...
MINI-VCH6-P5X8-GR6X
Bulletin has no description...
EUVD-2019-19806
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
EUVD-2019-19778
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25509
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...