Lucene search
K

6025 matches found

Nuclei
Nuclei
added 8 hours ago15 views

Emlog 2.1.9 - SQL Injection

emlog v2.1.9 contains a SQL injection caused by unsanitized input in the data backup/restore functionality, allowing attackers to execute arbitrary SQL commands through crafted backup files. id: CVE-2023-39121 info: name: Emlog 2.1.9 - SQL Injection author: wjch611 severity: high description: |...

7.2CVSS7.2AI score0.02258EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago80 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads = 3.2.12 - SQL Injecti...

9.8CVSS6.1AI score0.02588EPSS
Exploits0References3
Nuclei
Nuclei
added 8 hours ago10 views

SonicWall GMS and Analytics - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

7.5CVSS7.1AI score0.77027EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago22 views

XWiki Platform - SQL Injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...

9.8CVSS7.1AI score0.8541EPSS
Exploits6References2
Nuclei
Nuclei
added 8 hours ago51 views

Atom.CMS 2.0 - SQL Injection

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminuploads.php which allows an attacker to execute arbitrary SQL commands. id: CVE-2022-28033 info: name: Atom.CMS 2.0 - SQL Injection author: ritikchaddha severity: critical description: | Atom.CMS 2.0 is vulnerable to SQL Injection via...

9.8CVSS7.2AI score0.05412EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago62 views

PrestaShop productsalert - SQL Injection

In the module 'Products Alert' productsalert up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2024-36683 info: name: PrestaShop productsalert - SQL Injection author: mastercho severity: critical description: | In the module...

7.3CVSS6.1AI score0.00963EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago322 views

SonicWall GMS and Analytics Web Services - Shell Injection

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions id: CVE-2023-34124 info: name: SonicWall GMS and Analytics Web...

9.8CVSS6.9AI score0.40891EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago43 views

Old Age Home Management System v1.0 - SQL Injection

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. id: CVE-2023-33338 info: name: Old Age Home Management System v1.0 - SQL Injection author: Harsh severity: critical description: | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username...

9.8CVSS7.1AI score0.03662EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago665 views

Thinkphp Lang - Local File Inclusion

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. id:...

9.8CVSS7.1AI score0.15505EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago64 views

Bangresto - SQL Injection

Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter. id: CVE-2022-46443 info: name: Bangresto - SQL Injection author: Harsh severity: high description: | Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter. impact: | Successful exploitation of...

8.8CVSS7.1AI score0.37729EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago134 views

Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)

imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter. id: CVE-2023-30019 info: name: Imgproxy = 3.14.0 - Server-side request forgery SSRF author: DhiyaneshDK severity: medium description: | imgproxy =3.14.0 is vulnerable to...

5.3CVSS6.2AI score0.02214EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago43 views

Good Layers LMS Plugin <= 2.1.4 - SQL Injection

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS7.1AI score0.1064EPSS
Exploits2References3
Nuclei
Nuclei
added 8 hours ago75 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.3AI score0.83284EPSS
Exploits24References5
Nuclei
Nuclei
added 8 hours ago74 views

Apache Cocoon 2.1.12 - XML Injection

Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system. id: CVE-2020-11991 info: name: Apache Cocoon 2.1.12 - XML...

7.5CVSS7AI score0.72456EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago51 views

Bloofox v0.5.2.1 - SQL Injection

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. id: CVE-2023-34754 info: name: Bloofox v0.5.2.1 - SQL Injection author: ritikchaddha severity: critical description: | bloofox v0.5.2.1 was...

9.8CVSS7.1AI score0.03449EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago74 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

9.8CVSS6.9AI score0.04715EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago95 views

IncomCMS 2.0 - Arbitrary File Upload

IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server. id: CVE-2020-29597 info: name: IncomCMS 2.0 - Arbitrary File Upload author: princechaddha severity: critical description: |...

9.8CVSS7AI score0.71006EPSS
Exploits3References5
Nuclei
Nuclei
added 8 hours ago36 views

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

10CVSS7AI score0.39137EPSS
Exploits2References5
Nuclei
Nuclei
added 8 hours ago82 views

Pallets Werkzeug <0.15.5 - Local File Inclusion

Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...

7.5CVSS7AI score0.55526EPSS
Exploits7References5
Nuclei
Nuclei
added 8 hours ago35 views

74cms - ajax_officebuilding.php SQL Injection

A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajaxofficebuilding.php. id: CVE-2020-22210 info: name: 74cms - ajaxofficebuilding.php SQL Injection author: ritikchaddha severity: critical description: | A SQL injection vulnerability exists in 74cms 3.2.0 via the x...

9.8CVSS6.8AI score0.08579EPSS
Exploits1References3
Rows per page
Query Builder