201 matches found

wpexploit | added 2021/07/20 12:00 a.m. | 695 views

Giveaway <= 1.2.2 - Authenticated SQL Injection

The plugin is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $postid on the options.php page. 1. Navigate in the WordPress panel to Settings - Giveaway 2. Intercept the request in Burp Suite 3. Click on "Select" button at the very to...

CVSS 6.5 | AI score 1.4 | EPSS 0.00534
Exploits: 2
wpexploit | added 2021/06/21 12:00 a.m. | 720 views

Export Users With Meta < 0.6.5 - Authenticated SQL Injection

The plugin did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. POST /wp-admin/users.php?page=uewmsettings HTTP/1.1 Accept:...

CVSS 7.2 | AI score 1 | EPSS 0.00974
Exploits: 2
OSV | added 2021/06/17 2:15 p.m. | 4 views

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1
NVD | added 2021/06/10 4:15 p.m. | 11 views

CVE-2020-24671

Trace Financial CRESTBridge 6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03...

CVSS 8.8 | EPSS 0.00409
Exploits: 0 | References: 2
Patchstack | added 2021/05/28 12:00 a.m. | 8 views

WordPress XCloner Backup, Restore and Migrate plugin <= 4.2.161 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Ngo Van Thien (Sun Research & Development) in WordPress XCloner Backup, Restore and Migrate plugin versions <= 4.2.161. Solution: Update the WordPress XCloner Backup, Restore and Migrate plugin to the latest available version (at least 4.2.163)...

AI score 2.7
Exploits: 0 | References: 2 | Affected Software: 1
wpexploit | added 2021/05/03 12:00 a.m. | 31 views

Activity Log < 2.7.0 - Authenticated SQL Injection

The plugin was vulnerable to SQL Injection in the order column of the past events table. time curl 'http://www.example.com/wp-admin/admin.php?page=activitylogpage&orderby=histtime%20AND%20SLEEP%280%29' -H 'Cookie: ...'...

AI score 2.2
Exploits: 0 | References: 1
Cvelist | added 2021/04/12 2:03 p.m. | 11 views

CVE-2021-24221 Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcode

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the resultid GET parameter on pages with the qsmresult shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to...

AI score 9.3 | EPSS 0.02566
Exploits: 2 | References: 2
Patchstack | added 2021/04/05 12:00 a.m. | 7 views

WordPress Simple Membership plugin <= 4.0.3 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability discovered by Martin Vierula in WordPress Simple Membership plugin versions <= 4.0.3. Solution: Update the WordPress Simple Membership plugin to the latest available version (at least 4.0.4)...

AI score 2.7
Exploits: 1 | References: 2 | Affected Software: 1
NVD | added 2021/03/18 3:15 p.m. | 11 views

CVE-2021-24138

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user...

CVSS 5.5 | EPSS 0.00868
Exploits: 2 | References: 1
Cvelist | added 2021/03/18 2:57 p.m. | 14 views

CVE-2021-24138 AdRotate < 5.8.4 - Authenticated SQL Injection

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user...

AI score 6.2 | EPSS 0.00868
Exploits: 2 | References: 1
WPVulnDB | added 2021/02/08 12:00 a.m. | 21 views

Newsletter by Supsystic <= 1.5.6 - Authenticated SQL Injection

The GET parameter "sidx" is used in a SQL statement without being sanitised when searching for subscribers in the dashboard, leading to an authenticated SQL Injection issue. PoC The PoC will be displayed once the issue has been remediated...

AI score 2.7
Exploits: 0 | References: 1 | Affected Software: 1
WPVulnDB | added 2021/02/08 12:00 a.m. | 15 views

Data Tables Generator by Supsystic < 1.10.0 - Authenticated SQL Injection

The POST parameter "datasearchtextlike" was used in a SQL statement without being sanitised when searching for Tables in the dashboard, leading to an authenticated SQL Injection issue. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com User-Agent: YOLO Accept: / Accept-Language:...

AI score 8.1
Exploits: 0 | References: 1 | Affected Software: 1
WPVulnDB | added 2021/01/29 12:00 a.m. | 19 views

Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection

The plugin did not sanitise the mecpostid POST parameter in the mecfesform AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. If the Frontend Event Submission form is embedded in a public page, then it could lead to any authenticated user, like subscribers to...

EPSS 0.00912
Exploits: 2 | Affected Software: 1
Patchstack | added 2020/09/29 12:00 a.m. | 9 views

WordPress Slider by 10Web plugin <= 1.2.35 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by Nguyen Anh Tien in WordPress Slider by 10Web plugin versions <= 1.2.35. Solution: Update the WordPress Slider by 10Web plugin to the latest available version (at least 1.2.36)...

AI score 3.2
Exploits: 0 | References: 1 | Affected Software: 1
wpexploit | added 2020/08/31 12:00 a.m. | 33 views

Recall Products <= 0.8 - Authenticated SQL Injection

The Manufacturer POST parameter is vulnerable to SQL injection when submitting a deletion request. The PoC will be displayed once the issue has been remediated...

CVSS 6.5 | AI score 1.5 | EPSS 0.02433
Exploits: 2 | References: 1
Patchstack | added 2020/08/31 12:00 a.m. | 21 views

WordPress Recall Products plugin <= 0.8 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found by ZERO APTITUDE in WordPress Recall Products plugin versions <= 0.8. Solution: 2020-09-16 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of July 28, 2020 and is not availabl...

CVSS 8.8 | AI score 3.4 | EPSS 0.02433
Exploits: 2 | References: 2 | Affected Software: 1
Exploit DB | added 2020/07/15 12:00 a.m. | 461 views

Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection

Exploit Title: Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Date: 2020-06-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://joomsky.com/ Software Link: https://joomsky.com/products/js-jobs-pro.html Change Log Update :...

AI score 7.4
Exploits: 0
CVE | added 2020/02/18 5:22 p.m. | 68 views

CVE-2020-9269

SOPlanning 1.45 is vulnerable to authenticated SQL injection that leads to command execution via the users parameter of export_ical.php. The flaw enables an authenticated attacker to inject SQL through a parameter observed in export_ical.php, potentially causing code/command execution with high i...

CVSS 9 | AI score 7.4 | EPSS 0.00429
Exploits: 1 | References: 1 | Affected Software: 1
OSV | added 2019/12/19 1:15 a.m. | 2 views

CVE-2019-7484

Authenticated SQL Injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier...

CVSS 6.5 | AI score 6.8 | EPSS 0.00379
Exploits: 0 | References: 1
CVE | added 2019/10/21 10:14 p.m. | 101 views

CVE-2019-16404

OpenEMR is affected by a SQL Injection in interface/forms/eye_mag/js/eye_base.php (through OpenEMR 5.0.2 and earlier). The vulnerability arises from a non-parameterized INSERT INTO statement involving the providerID parameter, allowing an authenticated user to extract arbitrary data from the Open...

CVSS 8.8 | AI score 8.9 | EPSS 0.00012
Exploits: 1 | References: 1 | Affected Software: 1