CVE-2026-22850

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

Kimai has an Authenticated Server-Side Template Injection (SSTI)

Kimai 2.45.0 - Authenticated Server-Side Template Injection SSTI Vulnerability Summary | Field | Value | |-------|-------| | Title | Authenticated SSTI via Permissive Export Template Sandbox || Attack Vector | Network | | Attack Complexity | Low | | Privileges Required | High Admin with export...

CVE-2023-53929

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV fil...

CVE-2023-53929 phpMyFAQ 3.1.12 CSV Injection via User Profile Export

phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV fil...

CVE-2023-53913 Rukovoditel 3.3.1 CSV Injection via User Account Export

Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...

PT-2025-51967

Name of the Vulnerable Software and Affected Versions phpMyFAQ version 3.1.12 Description The software contains a CSV injection flaw that permits authenticated users to inject malicious formulas into their profile names. An attacker can modify their user profile name with a payload such as...

VulnCheck KEV: CVE-2023-24733

PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950new.php...

CVE-2025-7812

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...

CVE-2025-7812

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...

CVE-2025-7812 Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport function. This makes it possible for unauthenticated...

CVE-2025-7812

CVE-2025-7812 affects the WordPress plugin Video Share VOD – Turnkey Video Site Builder Script (versions through 2.7.6). The root cause is missing or incorrect nonce validation on adminExport(), enabling Cross-Site Request Forgery that can lead to remote code execution when the Server command exe...

PT-2025-34956

Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions through 2.7.6 Description: The plugin is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation in the adminExport function...

CVE-2024-30860

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/exportexceluser.php...

CVE-2023-24733

PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950new.php...

Moodle < 4.1.12 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - A LFI vulnerability when restoring malformed block backups....

CVE-2024-8165

A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/filemanager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit i...

CVE-2024-30860

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/exportexceluser.php...

PT-2024-23638 · Netentsec · Netentsec Ns-Asg

Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection. It can be exploited via the "/admin/export excel user.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the...

CVE-2023-24737

PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950.php...

CVE-2023-24733

PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950new.php...