CVE-2023-45826 Authenticated SQL Injection in leantime
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
PT-2023-19104 · WordPress · Mainwp Google Analytics Extension
Name of the Vulnerable Software and Affected Versions: MainWP Google Analytics Extension plugin versions <= 4.0.4. Description: The issue is related to an authenticated SQL Injection vulnerability. This means that an attacker with subscriber-level access or higher can potentially inject malicious S...
CVE-2022-24628
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php...
CVE-2022-47605
Auth. SQL Injection vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions...
ChurchCRM 4.5.1 SQL Injection
Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1...
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
Exploit Title: NEX-Forms WordPress plugin =5.0.12 AND time-based blind query SLEEP Payload: page=nex-forms-dashboard&formid=1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...
CVE-2023-28660
The Events Made Easy WordPress Plugin, version <= 2.3.14, is affected by an authenticated SQL injection vulnerability in the 'searchname' parameter in the emerecurrenceslist action...
CVE-2023-24789
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component...
CVE-2023-26325
The 'rxexportreview' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters...
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
In case you missed it, Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...
CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low...
CVE-2023-23492
The Login with Phone Number WordPress Plugin, version 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwpforgotpassword' action...
CVE-2022-43462
Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions...
Web Invoice <= 2.1.3 - Authenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high-privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscribers, could exploit this as well. PoC...
CVE-2022-37773
An authenticated SQL Injection vulnerability in the statistics page /statistics/retrieve of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases...
CVE-2022-37773
Maarch RM 2.8 is affected by an authenticated SQL Injection on the statistics page, specifically /statistics/retrieve, via the filter parameter. The vulnerability enables complete disclosure of all databases. Several connected sources confirm the issue but do not provide a confirmed fix version; ...
WordPress WP ALL Export Pro premium plugin <= 1.7.8 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Sanjay Das in WordPress WP ALL Export Pro premium plugin versions <= 1.7.8. Solution: Update the WordPress WP ALL Export Pro plugin to the latest available version (at least 1.7.9)...