124 matches found

RedhatCVE
added 2026/02/09 7:23 p.m. | 3 views

CVE-2026-2172

A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched...

9.8 CVSS | 5.4 AI score | 0.00013 EPSS
Exploits 0 | References 1

OSV
added 2026/02/08 7:16 p.m. | 1 view

CVE-2026-2172

A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to SQL injection. The attack can be launched...

9.8 CVSS | 5.7 AI score
Exploits 0 | References 4

Circl
added 2025/06/23 2:45 p.m. | 3 views

CVE-2025-2172

| creationtimestamp | type | source |
|---|---|---|
| 2025-06-23 14:45:34+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/19212 |
| 2025-06-23 15:31:00+00:00 | published-proof-of-concept | Telegram/S7RPzkaVu9rMwdZrCAlLyJw5bBMvrbhCFuoMTi2UNDrM6ko |
| 2025-06-23 16:18:13+00:00 | seen | ... |

7.5 CVSS | 7.7 AI score | 0.01286 EPSS
Exploits 0 | References 4

NVD
added 2025/06/23 2:15 p.m. | 2 views

CVE-2025-2172

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames...

7.5 CVSS | 0.01286 EPSS
Exploits 0 | References 2

CVE
added 2025/06/23 2:1 p.m. | 18 views

CVE-2025-2172

Aviatrix Controller is affected in versions prior to 7.1.4208, 7.2.5090, and 8.0.0 due to insufficient input sanitization before passing data to command line utilities, enabling command injection via special characters in filenames. The issue is documented with fixed releases: upgrade to 7.1.4208...

7.5 CVSS | 7.6 AI score | 0.01286 EPSS
Exploits 0 | References 2

Cvelist
added 2025/06/23 2:1 p.m. | 5 views

CVE-2025-2172

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames...

7.5 CVSS | 0.01286 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 8:32 a.m. | 2 views

CVE-2019-2172

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113035224...

6.5 CVSS | 6.4 AI score | 0.00125 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 8:34 p.m. | 6 views

CVE-2002-2172

Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information...

2.1 CVSS | 6.7 AI score | 0.00134 EPSS
Exploits 0 | References 1

Hive Pro Threat Advisories
added 2024/03/21 5:46 a.m. | 27 views

Critical Flaw In WordPress Plugins Poses Risk Of Site Takeover

Summary: A critical security vulnerability, identified as CVE-2024-2172 in WordPress, urges users utilizing miniOrange's Malware Scanner and Web Application Firewall plugins to uninstall these plugins from their websites. This vulnerability enables unauthorized attackers to gain administrative...

7.5 CVSS | 7.2 AI score | 0.01125 EPSS
Exploits 1

Circl
added 2024/03/18 10:59 a.m. | 0 views

CVE-2024-2172

| creationtimestamp | type | source |
|---|---|---|
| 2024-03-18 10:59:33+00:00 | seen | https://t.me/KomunitiSiber/1644 |
| 2024-03-18 11:12:50+00:00 | seen | Telegram/MyEo6zo2oA0FPXN7aiqO475IjbDEyZrnDMzeQJLGVBU3vg |
| 2024-03-18 11:12:51+00:00 | seen | https://t.me/tengkorakcybercrewz/4201 |
| 2024-03-18 11:12:51+00:00 | ... | |

9.8 CVSS | 8.9 AI score | 0.01125 EPSS
Exploits 1 | References 3

The Hacker News
added 2024/03/18 9:46 a.m. | 57 views

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and...

9.8 CVSS | 7.6 AI score | 0.01125 EPSS
Exploits 1

NVD
added 2024/03/13 4:15 p.m. | 14 views

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress, both by MiniOrange, are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

9.8 CVSS | 9.8 AI score | 0.01125 EPSS
Exploits 1 | References 5

Cvelist
added 2024/03/13 3:26 p.m. | 24 views

CVE-2024-2172 Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress, both by MiniOrange, are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

9.8 CVSS | 9.9 AI score | 0.01125 EPSS
Exploits 1 | References 5

CVE
added 2024/03/13 3:26 p.m. | 67 views

CVE-2024-2172

CVE-2024-2172 affects MiniOrange WordPress plugins: Malware Scanner (up to 4.7.2) and Web Application Firewall (up to 2.1.1). Root cause is a missing capability check in mo_wpns_init(), enabling unauthenticated privilege escalation to administrator. Documented impact: sites can be compromised by ...

9.8 CVSS | 9.6 AI score | 0.01125 EPSS
Exploits 1 | References 5

Vulnrichment
added 2024/03/13 3:26 p.m. | 14 views

CVE-2024-2172 Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress, both by MiniOrange, are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

9.8 CVSS | 7.3 AI score | 0.01125 EPSS
Exploits 1 | References 5

Patchstack
added 2024/03/13 12:0 a.m. | 11 views

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation

Software: Malware Scanner; Type: Plugin; Vulnerable versions: <= 4.7.2; Fixed in: 4.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-2172; Patch priority: High; CVSS severity: High 9.8; PSID: e270f8310961; Credits: Stiofan; Required privilege...

9.8 CVSS | 9.3 AI score | 0.01125 EPSS
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2024/03/13 12:0 a.m. | 11 views

WordPress Web Application Firewall – website security Plugin <= 2.1.1 is vulnerable to Privilege Escalation

Software: Web Application Firewall – website security; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: 2.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-2172; Patch priority: High; CVSS severity: High 9.8; PSID: 079a85617a7b; Credits...

9.8 CVSS | 6.5 AI score | 0.01125 EPSS
Exploits 1 | References 3 | Affected Software 1

Circl
added 2024/02/14 7:16 p.m. | 2 views

CVE-2004-2172

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-14 19:16:22+00:00 | seen | https://t.me/ctinow/184929 ... |

7.5 CVSS | 4.8 AI score | 0.05574 EPSS
Exploits 1 | References 1

Circl
added 2023/08/31 12:12 p.m. | 0 views

CVE-2023-2172

| creationtimestamp | type | source |
|---|---|---|
| 2023-08-31 12:12:48+00:00 | seen | https://t.me/cibsecurity/69513 ... |

4.3 CVSS | 6.2 AI score | 0.00177 EPSS
Exploits 0 | References 1

OSV
added 2023/08/31 6:15 a.m. | 3 views

CVE-2023-2172

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

4.3 CVSS | 7.4 AI score
Exploits 0 | References 5