18 matches found
CVE-2026-24572
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection. This issue affects Nelio Content: from n/a through <= 4.2.0...
CVE-2026-24572
creationtimestamp| type| source
---|---|---
2026-01-23 23:57:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md4vpfmtkv2m
2026-01-24 00:16:06+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md4wqzvwfn27...
CVE-2024-24572
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
CVE-2023-24572
creationtimestamp| type| source
---|---|---
2025-03-21 15:19:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8358...
CVE-2025-24572
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through <= 1.78.258...
CVE-2025-24572
creationtimestamp| type| source
---|---|---
2025-01-24 18:01:54+00:00| seen| https://infosec.exchange/users/cve/statuses/113884640875950088...
CVE-2025-24572 WordPress WP Fast Total Search plugin <= 1.78.258 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through <= 1.78.258...
CVE-2024-24572
creationtimestamp| type| source
---|---|---
2024-02-01 00:21:36+00:00| seen| https://t.me/ctinow/177213
2024-02-07 21:17:13+00:00| seen| https://t.me/ctinow/180968...
CVE-2024-24572
facileManager is a modular web app. In versions ≤4.5.0, admin-logs.php calls extract() on $_REQUEST, allowing an authenticated user (with site-log viewing privileges) to append GET parameter search_sql and bypass injection protections, enabling SQL injection from manipulated search_sql.
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
CVE-2023-24572
CVE-2023-24572 affects Dell Command | Integration Suite for System Center, versions before 6.4.0. It describes an arbitrary folder deletion vulnerability during uninstallation that a locally authenticated malicious user may exploit. The impact is limited to folder deletion; no additional details ...
CVE-2022-24572
creationtimestamp| type| source
---|---|---
2022-02-28 16:23:14+00:00| seen| https://t.me/cibsecurity/38172...
CVE-2022-24572
Car Driving School Management System v1.0 contains a Cross Site Scripting (XSS) vulnerability in the User Enrollment Form Username Field. The weakness allows client‑side code execution when an admin views registered user details. Root cause cited in sources is inadequate input filtering/validatio...
CVE-2021-24572
creationtimestamp| type| source
---|---|---
2021-11-01 11:21:08+00:00| seen| https://t.me/cibsecurity/31527...
CVE-2021-24572
The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could...
CVE-2020-24572
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured and virtually unrestricted web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system including ones for uploading o...
CVE-2020-24572
CVE-2020-24572 affects RaspAP 2.5 and stems from an issue in includes/webconsole.php. With authenticated access, a misconfigured (and virtually unrestricted) web console can be used to attack the underlying OS (Raspberry Pi) running RaspAP, allowing execution of system commands, including uploadi...
Exploit for OS Command Injection in Raspap
CVE-2020-24572 An issue was discovered in includes/webconsole...