Lucene search
K

106 matches found

redhatcve
redhatcve
added 2025/05/22 8:44 p.m.7 views

CVE-2021-39279

Certain MOXA devices allow Authenticated Command Injection via /forms/webimportTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3,...

9CVSS7.2AI score0.04613EPSS
Exploits3References1
osv
osv
added 2025/05/22 11:15 a.m.4 views

CVE-2025-3836

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report...

8.3CVSS5.8AI score0.0459EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 4:40 a.m.5 views

CVE-2024-9459

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module...

8.8CVSS7.9AI score0.0207EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/10 12:0 a.m.14 views

CVE-2024-54996

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create...

0.00767EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2025/01/10 12:0 a.m.8 views

CVE-2024-54996

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create...

7.6AI score0.00767EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2024/12/02 12:0 a.m.4 views

PT-2024-17402 · WordPress · Project Manager

Name of the Vulnerable Software and Affected Versions: Project Manager WordPress Plugin affected versions not specified Description: The issue is an authenticated SQL injection vulnerability in the orderby parameter in the "/pm/v2/activites" API endpoint. This vulnerability affects the 'Project...

7.7CVSS7.3AI score0.00513EPSS
Exploits0References5
patchstack
patchstack
added 2024/10/23 12:0 a.m.4 views

Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Content Injection vulnerability

Authenticated Content Injection vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...

5.4CVSS7.2AI score0.00395EPSS
Exploits1References1Affected Software1
osv
osv
added 2024/09/06 5:15 p.m.5 views

CVE-2024-27126

A cross-site scripting XSS vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later...

5.4CVSS5.7AI score0.00248EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/08/12 12:0 a.m.2 views

ZOHO ManageEngine ADAudit Plus 安全漏洞

ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, prove compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8110, which stems from the vulnerability to authenticated SQL injection attacks in the Attack...

8.3CVSS7.6AI score0.03117EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/07/15 12:0 a.m.7 views

PT-2024-5582 · Manageengine · Zoho Manageengine Exchange Reporter Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5717 and below Description: The issue is related to the lack of protection against SQL query structure attacks in the reports module of ManageEngine Exchange Reporter Plus. This can allow a remote...

8.8CVSS8.6AI score0.03116EPSS
Exploits0References7
cnnvd
cnnvd
added 2024/07/01 12:0 a.m.5 views

Machform Security Vulnerabilities

Machform is an online questionnaire program. A security vulnerability exists in Machform version 19 and prior versions that originates from an authenticated blind SQL injection in the user account settings page...

8.8CVSS7.7AI score0.00831EPSS
Exploits2References2
patchstack
patchstack
added 2024/06/19 5:11 p.m.7 views

WordPress Custom Field Suite plugin <= 2.6.7 - Authenticated SQL Injection vulnerability

Authenticated SQL Injection vulnerability discovered by Jack Taylor in WordPress Plugin Custom Field Suite versions = 2.6.7...

8.8CVSS8.1AI score0.00509EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/05/30 9:29 a.m.5 views

WordPress POST SMTP Mailer plugin <= 2.9.3 - Authenticated SQL Injection vulnerability

Authenticated SQL Injection vulnerability discovered by Le Ngoc Anh in WordPress Plugin Post SMTP versions = 2.9.3...

7.2CVSS8.1AI score0.00495EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/05/14 11:15 p.m.0 views

CVE-2024-31476

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

8.8CVSS6.1AI score
Exploits0References2
cnnvd
cnnvd
added 2024/02/02 12:0 a.m.6 views

ManageEngine SQL Injection Vulnerability

ManageEngine is a family of IT management solutions from ManageEngine, Inc. A security vulnerability exists in ManageEngine ADAudit Plus 7270 and prior versions that stems from vulnerability to authenticated SQL injection attacks...

8.8CVSS7.7AI score0.05366EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/02/02 12:0 a.m.9 views

PT-2024-15429 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 7270 and below Description: The issue is related to an Authenticated SQL injection in the File-Summary DrillDown feature. This has been fixed and released in version 7271. Recommendations: For versions 7270...

8.8CVSS8.2AI score0.05366EPSS
Exploits0References5
vulncheck_kev
vulncheck_kev
added 2024/01/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

9CVSS7.3AI score0.82165EPSS
Exploits4References1
ptsecurity
ptsecurity
added 2023/12/28 12:0 a.m.6 views

PT-2023-29426 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the wrong parameter of the "update.php" endpoint does not validate the characters received and they are sent...

8AI score
Exploits0References3
ptsecurity
ptsecurity
added 2023/12/28 12:0 a.m.6 views

PT-2023-29425 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the total parameter of the "update.php" resource does not validate the characters received, and they are sent...

8AI score
Exploits0References3
osv
osv
added 2023/12/21 4:15 p.m.6 views

CVE-2023-45119

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database...

8.8CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder