106 matches found
CVE-2021-39279
Certain MOXA devices allow Authenticated Command Injection via /forms/webimportTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3,...
CVE-2025-3836
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report...
CVE-2024-9459
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module...
CVE-2024-54996
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create...
CVE-2024-54996
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create...
PT-2024-17402 · WordPress · Project Manager
Name of the Vulnerable Software and Affected Versions: Project Manager WordPress Plugin affected versions not specified Description: The issue is an authenticated SQL injection vulnerability in the orderby parameter in the "/pm/v2/activites" API endpoint. This vulnerability affects the 'Project...
Drupal Loft Data Grids module < 7.x-2.7,< 7.x-3.0 - Authenticated Content Injection vulnerability
Authenticated Content Injection vulnerability discovered by Juraj Nemec in WordPress Module Loft Data Grids versions 7.x-2.7,7.x-3.0...
CVE-2024-27126
A cross-site scripting XSS vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later...
ZOHO ManageEngine ADAudit Plus 安全漏洞
ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, prove compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8110, which stems from the vulnerability to authenticated SQL injection attacks in the Attack...
PT-2024-5582 · Manageengine · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5717 and below Description: The issue is related to the lack of protection against SQL query structure attacks in the reports module of ManageEngine Exchange Reporter Plus. This can allow a remote...
Machform Security Vulnerabilities
Machform is an online questionnaire program. A security vulnerability exists in Machform version 19 and prior versions that originates from an authenticated blind SQL injection in the user account settings page...
WordPress Custom Field Suite plugin <= 2.6.7 - Authenticated SQL Injection vulnerability
Authenticated SQL Injection vulnerability discovered by Jack Taylor in WordPress Plugin Custom Field Suite versions = 2.6.7...
WordPress POST SMTP Mailer plugin <= 2.9.3 - Authenticated SQL Injection vulnerability
Authenticated SQL Injection vulnerability discovered by Le Ngoc Anh in WordPress Plugin Post SMTP versions = 2.9.3...
CVE-2024-31476
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
ManageEngine SQL Injection Vulnerability
ManageEngine is a family of IT management solutions from ManageEngine, Inc. A security vulnerability exists in ManageEngine ADAudit Plus 7270 and prior versions that stems from vulnerability to authenticated SQL injection attacks...
PT-2024-15429 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADAudit Plus versions 7270 and below Description: The issue is related to an Authenticated SQL injection in the File-Summary DrillDown feature. This has been fixed and released in version 7271. Recommendations: For versions 7270...
VulnCheck KEV: CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...
PT-2023-29426 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the wrong parameter of the "update.php" endpoint does not validate the characters received and they are sent...
PT-2023-29425 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the total parameter of the "update.php" resource does not validate the characters received, and they are sent...
CVE-2023-45119
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database...