36 matches found
CVE-2023-38883
A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...
CVE-2023-3340
A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument namestartsWith leads to sql injection. The attack...
CVE-2022-4297
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2022-1933
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2022-1057
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2022-1057
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...
WordPress plugin Master Elements SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Master Elements 8.0 and earlier versions are vulnerable to SQL injection, which stems from t...
Wordpress Load More SQL注入漏洞
Wordpress Load More is Wordpress an open source application plugin . Provide a load more items function . WordPress Load More plugin before 5.3.2 SQL injection vulnerability exists , the vulnerability stems from /wp-admin/admin-ajax.php repeater parameter or type=test parameter...
MK-AUTH Cross-Site Scripting Vulnerability
MK-AUTH is an access control system developed by Pedro Filho, an individual developer in Brazil. A cross-site scripting vulnerability exists in MK-AUTH through version 19.01 K4.9, which originates in the tipo parameter of the admin log ajax.php. An attacker can exploit the vulnerability to read t...
CVE-2020-7104
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php totalquestions parameter...
CVE-2011-4336
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarfajax.php...
CVE-2019-17271
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter...
CVE-2019-11557
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the...
WordPress Site Editor 1.1.1 Local File Inclusion Vulnerability
Exploit for php platform in category web applications Product: Site Editor Wordpress Plugin - https://wordpress.org/plugins/site-editor/ Vendor: Site Editor Tested version: 1.1.1 CVE ID: CVE-2018-7422 CVE description A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for...
CVE-2018-5654
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREEAccessToken parameter...
Joomla Huge-IT Video Gallery 1.0.9 ajax_url.php parameter galleryid SQL injection vulnerability
No description provided by source...