Lucene search

1308 matches found

Patchstack
added 2025/03/04 11:0 p.m. | 0 views

WordPress Hero Slider plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Hero Slider versions <= 1.3.5...

CVSS: 6.5 | AI score: 8.1 | EPSS: 0.00078
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/03/02 12:0 a.m. | 1 views

zz Injection Vulnerability

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.0006
Exploits: 1 | References: 6
OSV
added 2025/02/25 3:15 p.m. | 0 views

CVE-2025-26971

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5...

CVSS: 9.8 | AI score: 7.3
Exploits: 0 | References: 1
CNNVD
added 2025/02/21 12:0 a.m. | 2 views

WordPress plugin vents Manager SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.00077
Exploits: 0 | References: 3
CNNVD
added 2025/02/19 12:0 a.m. | 1 views

WordPress plugin Pollin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS: 4.9 | AI score: 9.3 | EPSS: 0.00133
Exploits: 0 | References: 2
OSV
added 2025/02/18 5:15 a.m. | 0 views

CVE-2024-13595

The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00078
Exploits: 0 | References: 2
CNNVD
added 2025/02/18 12:0 a.m. | 2 views

ChurchCRM Security Vulnerability

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0 and prior versions that stems from the newCountName parameter being directly connected to a SQL query without proper cleanup. An attacker exploiting this...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02752
Exploits: 1 | References: 2
CNNVD
added 2025/02/16 12:0 a.m. | 2 views

Library Card System Injection Vulnerability

Library Card System is a library management system. A SQL injection vulnerability exists in Library Card System version 1.0, which originates from a lack of validation of the id parameter of the card.php file against externally entered SQL statements. An attacker can use this vulnerability to...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00056
Exploits: 1 | References: 6
Patchstack
added 2025/02/14 3:6 a.m. | 3 views

WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability

Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions <= 1.5.2...

CVSS: 6.5 | AI score: 8.1 | EPSS: 0.00127
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/02/03 12:0 a.m. | 1 views

WeGIA SQL Injection Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...

CVSS: 10 | AI score: 8 | EPSS: 0.00378
Exploits: 1 | References: 1
OSV
added 2025/01/31 10:15 p.m. | 1 views

CVE-2024-53357

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updatealias route; (4) delete users via the /api/user/delali...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00149
Exploits: 1 | References: 1
CNNVD
added 2025/01/23 12:0 a.m. | 1 views

Centreon SQL Injection Vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in versions of Centreon Web prior to 24.10.3, which originates from an...

CVSS: 9.1 | AI score: 7.5 | EPSS: 0.00133
Exploits: 0 | References: 4
CNNVD
added 2025/01/20 12:0 a.m. | 1 views

WeGIA SQL Injection Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.2.9. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the database to access sensitive information...

CVSS: 10 | AI score: 8.1 | EPSS: 0.00483
Exploits: 1 | References: 3
Positive Technologies
added 2025/01/18 12:0 a.m. | 2 views

PT-2025-2042 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.12 Description: The issue is related to time-based SQL Injection via the Login Attempts module due to insufficient escaping on the user...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.00945
Exploits: 0 | References: 10
OSV
added 2025/01/14 2:15 p.m. | 0 views

CVE-2024-35278

An improper neutralization of special elements used in an SQL command 'SQL injection' in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special...

CVSS: 4.3 | AI score: 5.8
Exploits: 0 | References: 1
CNNVD
added 2024/12/31 12:0 a.m. | 2 views

WordPress plugin WPLMS SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WPL...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.00288
Exploits: 0 | References: 1
CNNVD
added 2024/12/30 12:0 a.m. | 1 views

InfotelGLPI tasklists SQL Injection Vulnerability

InfotelGLPI tasklists is an InfotelGLPI plugin for use in GLPI, an open source helpdesk and asset tracking system that provides task management and Kanban functionality. An SQL injection vulnerability exists in InfotelGLPI tasklists versions prior to 2.0.4, which stems from the presence of a blin...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.10973
Exploits: 0 | References: 2
CNNVD
added 2024/12/26 12:0 a.m. | 2 views

1000 Projects Daily College Class Work Report Book Injection Vulnerability

1000 Projects Daily College Class Work Report Book is an open source college class work report book by 1000 Projects. An injection vulnerability exists in version 1.0 of 1000 Projects Daily College Class Work Report Book, which stems from the user parameter in the /login.php file that can cause S...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00097
Exploits: 1 | References: 5
CNNVD
added 2024/12/26 12:0 a.m. | 2 views

Code-Projects Simple Admin Panel Security Vulnerability

Code-Projects Simple Admin Panel is a simple admin panel for Code-Projects open source. A security vulnerability exists in Code-Projects Simple Admin Panel version 1.0, which stems from a size parameter SQL injection vulnerability in the addCatController.php file...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00109
Exploits: 0 | References: 5
CNNVD
added 2024/12/26 12:0 a.m. | 0 views

CodeAstro House Rental Management System Injection Vulnerability

CodeAstro House Rental Management System is a house rental management system from CodeAstro. An injection vulnerability exists in CodeAstro House Rental Management System version 1.0, which stems from an incorrect manipulation of the parameter u/p that can lead to SQL injection...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.00106
Exploits: 1 | References: 5