Lucene search

1954 matches found

Cvelist
added 2023/10/25 8:38 a.m. · 19 views

CVE-2023-26570 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...

CVSS 7.5 · AI score 7.9 · EPSS 0.00695
Exploits 0 · References 1
Cvelist
added 2023/10/25 8:35 a.m. · 22 views

CVE-2023-26569 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVSS 9.8 · AI score 10 · EPSS 0.00759
Exploits 0 · References 1
Cvelist
added 2023/10/25 8:34 a.m. · 19 views

CVE-2023-26568 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVSS 9.8 · AI score 10 · EPSS 0.00759
Exploits 0 · References 1
Positive Technologies
added 2023/10/25 12:0 a.m. · 4 views

PT-2023-20748 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns an unauthenticated SQL injection in the GetVisitors method, allowing unauthenticated attackers to extract or modify all data. Recommendations: For versions 3.1.052...

CVSS 9.8 · AI score 9.4 · EPSS 0.00556
Exploits 0 · References 3
Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-21033 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to an unauthenticated SQL injection in the GetRoomChanges method, allowing unauthenticated attackers to extract or modify all data. Recommendations: For versions...

CVSS 9.8 · AI score 9.3 · EPSS 0.00759
Exploits 0 · References 4
Positive Technologies
added 2023/10/25 12:0 a.m. · 3 views

PT-2023-20741 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the SearchStudentsStaff method, allowing unauthenticated attackers to extract sensitive student and teacher data. Recommendations: For...

CVSS 7.5 · AI score 7.2 · EPSS 0.00702
Exploits 0 · References 6
NVD
added 2023/10/19 6:15 a.m. · 14 views

CVE-2023-5254

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site ...

CVSS 5.3 · AI score 5.1 · EPSS 0.00767
Exploits 1 · References 3
Vulnrichment
added 2023/10/19 5:34 a.m. · 11 views

CVE-2023-5254 AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site ...

CVSS 5.3 · AI score 6.6 · EPSS 0.00767
Exploits 1 · References 3
OSV
added 2023/10/19 2:15 a.m. · 2 views

CVE-2023-5336

The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 6.5 · AI score 5.8 · EPSS 0.00618
Exploits 0 · References 3
Vulnrichment
added 2023/10/19 1:53 a.m. · 7 views

CVE-2023-4645 Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...

CVSS 5.3 · AI score 6.6 · EPSS 0.00642
Exploits 0 · References 3
Prion
added 2023/10/14 12:15 a.m. · 11 views

SQL injection

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database including the user table. This issue may lead to Information Disclosur...

CVSS 4 · AI score 6.7 · EPSS 0.005
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/10/09 9:1 p.m. · 428 views

CVE-2023-43641

CVE-2023-43641 affects libcue, a library for parsing CUE sheets. Versions

CVSS 8.8 · AI score 8.7 · EPSS 0.1657
Exploits 1 · References 10 · Affected Software 1
Prion
added 2023/10/09 4:15 p.m. · 16 views

Code injection

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

CVSS 3.8 · AI score 7.1 · EPSS 0.00568
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/10/09 12:0 a.m. · 4 views

OctoPrint Security Vulnerability

OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint versions prior to 1.9.3, which originated from a vulnerability that allows an attacker to extract data managed by OctoPrint or manipulate data managed...

CVSS 6.5 · AI score 7.6 · EPSS 0.00568
Exploits 1 · References 4
Positive Technologies
added 2023/10/04 12:0 a.m. · 5 views

PT-2023-22666 · Unknown · Helpdezk Community

Name of the Vulnerable Software and Affected Versions: HelpDezk Community version 1.1.10 Description: The issue is related to a SQL injection vulnerability that could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the "jsonGrid route" and extract all the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00605
Exploits 0 · References 6
CNNVD
added 2023/10/03 12:0 a.m. · 3 views

Jorani SQL Injection Vulnerability

Jorani is a leave management system developed by Benjamin BALET, an individual developer in France. It is designed to provide small organizations with a simple workflow for leave and overtime requests. A SQL injection vulnerability exists in Jorani version 1.0.0 that originates from allowing an...

CVSS 8.8 · AI score 7.8 · EPSS 0.00578
Exploits 0 · References 2
CNNVD
added 2023/09/28 12:0 a.m. · 3 views

ZOHO ManageEngine Asset Management System SQL Injection Vulnerability

ZOHO ManageEngine Asset Management System is an asset management solution from ZOHO. A SQL injection vulnerability exists in ZOHO ManageEngine Asset Management System v1.0, which stems from vulnerability to an authenticated SQL injection vulnerability that could allow an authenticated attacker to...

CVSS 8.8 · AI score 7.7 · EPSS 0.00646
Exploits 1 · References 3
Cvelist
added 2023/09/22 5:11 p.m. · 20 views

CVE-2023-43640 TaxonWorks SQL injection vulnerability

TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database including the users table. This issue...

CVSS 6.5 · AI score 6.6 · EPSS 0.00453
Exploits 0 · References 2
Vulnrichment
added 2023/09/13 2:54 a.m. · 8 views

CVE-2023-4917 Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leykaajaxgetenvandoptions' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API...

CVSS 5.3 · AI score 6.8 · EPSS 0.0059
Exploits 0 · References 3
Trellix
added 2023/09/06 12:0 a.m. · 48 views

The Bug Report – August 2023 Edition

The Bug Report – August 2023 Edition By Charles McFarland · September 06, 2023 Why am I here? Welcome back to The Bug Report, the hotter-than-hell Texas edition! For those still unfamiliar with our monthly escapades, every month our trusty Advanced Research Center vulnerability research team...

AI score 8 · EPSS 0.99999
Exploits 71