797 matches found

Packet Storm
added 2023/07/04 12:0 a.m. · 182 views

WordPress WP AutoComplete Search 1.0.4 SQL Injection

Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi; Date: 30/06/2023; Exploit Author: Matin nouriyan matitanium; Version: = 1.0.4; CVE: CVE-2022-4297; Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/; Tested on: Kali linux --- The WP...

9.8 CVSS · 7.1 AI score · 0.03726 EPSS
Exploits 5
0day.today
added 2023/07/04 12:0 a.m. · 226 views

Wordpress WP AutoComplete 1.0.4 - Unauthenticated SQL injection Vulnerability

Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi; Date: 30/06/2023; Exploit Author: Matin nouriyan matitanium; Version: = 1.0.4; CVE: CVE-2022-4297; Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/; Tested on: Kali linux --- The WP...

9.8 CVSS · 7.1 AI score · 0.03726 EPSS
Exploits 5
Drupal
added 2023/06/28 12:0 a.m. · 12 views

Search Autocomplete - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-026

This module enables you to use complex autocompletion in forms. The module doesn't sufficiently filter text in the data it exposes, allowing a malicious user to enter specially crafted tags to exploit a Cross Site Scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker...

6 AI score
Exploits 0 · References 7
OSV
added 2023/06/02 3:15 p.m. · 1 views

CVE-2023-30149

SQL injection vulnerability in the City Autocomplete cityautocomplete module from ebewe.net for PrestaShop, prior to version 1.8.12 for PrestaShop version 1.5/1.6 or prior to 2.0.3 for PrestaShop version 1.7, allows remote attackers to execute arbitrary SQL commands via the type, inputname. or q...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 2
Prion
added 2023/06/02 3:15 p.m. · 16 views

Sql injection

SQL injection vulnerability in the City Autocomplete cityautocomplete module from ebewe.net for PrestaShop, prior to version 1.8.12 for PrestaShop version 1.5/1.6 or prior to 2.0.3 for PrestaShop version 1.7, allows remote attackers to execute arbitrary SQL commands via the type, inputname. or q...

7.5 CVSS · 9.9 AI score · 0.08169 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2023/06/02 12:0 a.m. · 5 views

CVE-2023-30149

SQL injection vulnerability in the City Autocomplete cityautocomplete module from ebewe.net for PrestaShop, prior to version 1.8.12 for PrestaShop version 1.5/1.6 or prior to 2.0.3 for PrestaShop version 1.7, allows remote attackers to execute arbitrary SQL commands via the type, inputname. or q...

10 AI score · 0.08169 EPSS
Exploits 1 · References 2
CVE
added 2023/06/02 12:0 a.m. · 44 views

CVE-2023-30149

Summary: CVE-2023-30149 describes a SQL injection vulnerability in the City Autocomplete module (ebewe.net) for PrestaShop. Affected versions: City Autocomplete before 1.8.12 for PrestaShop 1.5/1.6, and before 2.0.3 for PrestaShop 1.7. Vulnerability details: Remote attackers can inject SQL via th...

9.8 CVSS · 9.9 AI score · 0.08169 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2023/06/02 12:0 a.m. · 2 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image scaling. A security vulnerability exists in PrestaShop Module City Autocomplete, which stems from the presence of a SQL...

9.8 CVSS · 8.5 AI score · 0.08169 EPSS
Exploits 1 · References 3
Cvelist
added 2023/06/02 12:0 a.m. · 13 views

CVE-2023-30149

SQL injection vulnerability in the City Autocomplete cityautocomplete module from ebewe.net for PrestaShop, prior to version 1.8.12 for PrestaShop version 1.5/1.6 or prior to 2.0.3 for PrestaShop version 1.7, allows remote attackers to execute arbitrary SQL commands via the type, inputname. or q...

10 AI score · 0.08169 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/06/02 12:0 a.m. · 2 views

PT-2023-22557 · Unknown +1 · Prestashop +1

Name of the Vulnerable Software and Affected Versions: PrestaShop module City Autocomplete versions prior to 1.8.12 for PrestaShop version 1.5/1.6 PrestaShop module City Autocomplete versions prior to 2.0.3 for PrestaShop version 1.7 Description: The issue allows remote attackers to execute...

9.8 CVSS · 9.8 AI score · 0.08169 EPSS
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 6:11 a.m. · 2 views

SUSE CVE-2007-2869

The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form...

4.3 CVSS · 8.4 AI score · 0.16441 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:55 a.m. · 2 views

SUSE CVE-2010-4569

Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI...

4.3 CVSS · 5.7 AI score · 0.00604 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:55 a.m. · 2 views

SUSE CVE-2011-0067

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls...

5 CVSS · 6.7 AI score · 0.0052 EPSS
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 4:34 a.m. · 1 views

SUSE CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...

7.5 CVSS · 7.8 AI score · 0.00074 EPSS
Exploits 0 · References 11
SUSE CVE
added 2023/02/15 4:33 a.m. · 1 views

SUSE CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

6 AI score · 0.00543 EPSS
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 4:10 a.m. · 1 views

SUSE CVE-2019-13737

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5 CVSS · 6.6 AI score · 0.02568 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 4:7 a.m. · 2 views

SUSE CVE-2019-18449

An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2)...

4.3 CVSS · 4.8 AI score · 0.00071 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:4 a.m. · 0 views

SUSE CVE-2020-1769

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

3.5 CVSS · 5.1 AI score · 0.00663 EPSS
Exploits 0 · References 6
Hacker One
added 2023/01/29 4:35 p.m. · 40 views

Nextcloud: Chat room member disclosure via autocomplete API

It was possible to find out who is in a Spreed chat room using the autocomplete API, even if the person is not a member of the room. This vulnerability could have been exploited to gain information about the members of a chat room for malicious purposes...

3.5 CVSS · 3.9 AI score · 0.00121 EPSS
Exploits 0
NVD
added 2023/01/02 10:15 p.m. · 17 views

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8 CVSS · 9.8 AI score · 0.03726 EPSS
Exploits 5 · References 2