1308 matches found

CNNVD
added 2024/04/23 12:0 a.m. · 4 views

WordPress plugin rtMedia for WordPress, BuddyPress and bbPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.26613
Exploits 1 · References 3

Positive Technologies
added 2024/04/15 12:0 a.m. · 1 view

PT-2024-18263 · Unknown · Lunary-Ai/Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary affected versions not specified Description: An incorrect authorization issue exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint "/api/evaluations". This...

CVSS 7.5 · AI score 7.9 · EPSS 0.00159
Exploits 1 · References 8

CNNVD
added 2024/04/12 12:0 a.m. · 1 view

Campcodes House Rental Management System SQL injection vulnerability

Campcodes House Rental Management System is a house rental management system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes House Rental Management System, which is caused by an SQL injection in the id parameter of the managetenant.php file...

CVSS 8.8 · AI score 7 · EPSS 0.00056
Exploits 1 · References 5

Positive Technologies
added 2024/04/09 12:0 a.m. · 3 views

PT-2024-15149 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of...

CVSS 8.8 · AI score 9.4 · EPSS 0.00444
Exploits 0 · References 6

CNNVD
added 2024/04/09 12:0 a.m. · 2 views

WordPress Plugin Avada security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.2 · AI score 8.4 · EPSS 0.01115
Exploits 1 · References 4

Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-18478 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions up to, and including, 5.3.1.0 Description: The issue is related to blind SQL Injection via the id parameter of the RM Form...

CVSS 8.8 · AI score 9.7 · EPSS 0.00721
Exploits 0 · References 6

Positive Technologies
added 2024/04/07 12:0 a.m. · 4 views

PT-2024-25743 · Sourcecodester · Sourcecodester Online Courseware

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Courseware version 1.0 Description: A critical issue has been found in the software, affecting the file admin/deactivatestud.php. The manipulation of the selector argument leads to SQL injection. This issue can be...

CVSS 9.8 · AI score 7.2 · EPSS 0.00052
Exploits 1 · References 6

CNNVD
added 2024/04/05 12:0 a.m. · 1 view

Aplaya Beach Resort Online Reservation System SQL injection vulnerability

Aplaya Beach Resort Online Reservation System is the online room reservation system of Aplaya Beach Resort. SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 has a SQL injection vulnerability that originates from a SQL injection in the id parameter of the...

CVSS 9.8 · AI score 7.9 · EPSS 0.00053
Exploits 1 · References 5

OSV
added 2024/04/03 12:15 p.m. · 2 views

CVE-2024-3255

A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/editadminquery.php. The manipulation of the argument username/password/name/adminid leads to SQL injection. It is possible to...

CVSS 7.2 · AI score 5.7 · EPSS 0.00149
Exploits 1 · References 4

Exploit DB
added 2024/04/02 12:0 a.m. · 436 views

Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

Exploit Title: Employee Management System 1.0 - txtusername and txtpassword SQL Injection Admin Login Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version:...

AI score 9.6
Exploits 3

Positive Technologies
added 2024/03/29 12:0 a.m. · 2 views

PT-2024-23416

Name of the Vulnerable Software and Affected Versions Metagauss ProfileGrid versions through 5.7.8 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

CVSS 9.8 · AI score 9.1 · EPSS 0.14438
Exploits 0 · References 6

Positive Technologies
added 2024/03/28 12:0 a.m. · 2 views

PT-2024-15936 · WordPress · Wp Erp

Name of the Vulnerable Software and Affected Versions: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress versions up to, and including, 1.12.9 Description: The issue is related to time-based SQL Injection via the id parameter in the...

CVSS 7.2 · AI score 9.6 · EPSS 0.0123
Exploits 0 · References 9

CNNVD
added 2024/03/27 12:0 a.m. · 2 views

Online Book System SQL injection vulnerability

Online Book System is an online booking system. A SQL injection vulnerability exists in code-projects Online Book System version 1.0, which originates from a SQL injection vulnerability in the value parameter of the /Product.php file...

CVSS 9.8 · AI score 7 · EPSS 0.00145
Exploits 1 · References 5

NVD
added 2024/03/21 2:52 a.m. · 11 views

CVE-2024-27916

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...

CVSS 7.1 · AI score 6.8 · EPSS 0.00232
Exploits 1 · References 4

CNNVD
added 2024/03/20 12:0 a.m. · 4 views

WordPress Plugin Advanced Form Integration Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.1 · AI score 7.7 · EPSS 0.44805
Exploits 2 · References 5

Cvelist
added 2024/03/06 8:21 p.m. · 15 views

CVE-2024-27916 `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...

CVSS 7.1 · AI score 7 · EPSS 0.00232
Exploits 1 · References 4

Positive Technologies
added 2024/03/01 12:0 a.m. · 1 view

PT-2024-18687 · Sourcecodester · Sourcecodester Petrol Pump Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Petrol Pump Management Software version 1.0 Description: A critical issue has been found in the software, affecting the processing of the file /admin/edit categories.php. The manipulation of the id argument leads to SQL...

CVSS 7.2 · AI score 5.5 · EPSS 0.00037
Exploits 0 · References 8

OSV
added 2024/02/29 7:15 a.m. · 1 view

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL...

CVSS 9.1 · AI score 7.3
Exploits 0 · References 3

CNNVD
added 2024/02/28 12:0 a.m. · 2 views

WordPress Plugin Malware Scanner SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 7.6 · AI score 7.8 · EPSS 0.0041
Exploits 0 · References 2

CNNVD
added 2024/02/21 12:0 a.m. · 1 view

PMB SQL Injection Vulnerability

PMB is a 100% free document management reference tool from the PMB Services team. A SQL injection vulnerability exists in PMB version v.7.4.7, which originates from a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code via thesaurus parameter in...

CVSS 7.5 · AI score 8.7 · EPSS 0.00198
Exploits 1 · References 2