Lucene search
K

1767 matches found

NVD
NVD
added 2026/03/24 12:16 p.m.5 views

CVE-2019-25640

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

8.8CVSS0.00334EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 11:27 a.m.2 views

CVE-2019-25640

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

8.8CVSS6AI score0.00334EPSS
Exploits0References3
NVD
NVD
added 2026/03/21 4:16 p.m.7 views

CVE-2019-25575

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

8.8CVSS0.00338EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:30 p.m.3 views

CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

8.8CVSS6.2AI score0.00338EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/21 3:30 p.m.24 views

CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

8.8CVSS0.00338EPSS
Exploits1References4
CVE
CVE
added 2026/03/21 3:30 p.m.10 views

CVE-2019-25575

CVE-2019-25575 affects SimplePress CMS 1.0.7. The vulnerability is an SQL injection in the web app that permits unauthenticated attackers to craft GET requests via the p and s parameters to execute arbitrary SQL. Impact per sources includes extraction of sensitive data such as usernames, database...

8.8CVSS6.2AI score0.00338EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.10 views

Sourceforge SimplePress CMS SQL注入漏洞

SourceForge SimplePress CMS is an open-source content management system developed by SourceForge. Version 1.0.7 of SourceForge SimplePress CMS has a SQL injection vulnerability. This vulnerability stems from the presence of SQL injections in the p and s parameters, which could allow unauthenticat...

8.8CVSS6.1AI score0.00338EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/18 9:30 a.m.4 views

EUVD-2026-12783

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...

6.1CVSS6AI score0.00205EPSS
Exploits0References6
NVD
NVD
added 2026/03/18 7:16 a.m.8 views

CVE-2026-3512

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...

6.1CVSS0.00205EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/03/18 6:55 a.m.6 views

WordPress Writeprint Stylometry plugin <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter vulnerability

Reflected Cross-Site Scripting via 'p' Parameter vulnerability discovered by johska in WordPress Plugin Writeprint Stylometry versions = 0.1...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 6:48 a.m.2 views

CVE-2026-3512 Writeprint Stylometry <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...

6.1CVSS6AI score0.00205EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 6:48 a.m.12 views

CVE-2026-3512

The CVE-2026-3512 entry concerns the Writeprint Stylometry WordPress plugin (versions up to 0.1). The issue is a Reflected Cross-Site Scripting vulnerability in the function bjl_wprintstylo_comments_nav(), where the plugin directly outputs the GET parameter $_GET['p'] into an HTML href attribute ...

6.1CVSS6AI score0.00205EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/18 6:48 a.m.33 views

CVE-2026-3512 Writeprint Stylometry <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...

6.1CVSS0.00205EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-26030

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjl wprintstylo comments nav function. The function directly...

6.1CVSS6AI score0.00205EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/03/17 10:35 a.m.9 views

WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme Education Zone versions = 1.3.8...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/03/13 10:46 a.m.3 views

MINI-VCH6-P5X8-GR6X

Bulletin has no description...

6.1CVSS5.7AI score0.00328EPSS
Exploits0
EUVD
EUVD
added 2026/03/12 6:30 p.m.9 views

EUVD-2019-19806

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19778

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...

8.8CVSS5.9AI score0.00306EPSS
Exploits0References3
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25509

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...

8.8CVSS0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.2 views

CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References2
Rows per page
Query Builder