
1384 matches found

Positive Technologies
added 2024/04/09 12:00 a.m. · 5 views

PT-2024-18478 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions up to, and including, 5.3.1.0 Description: The issue is related to blind SQL Injection via the id parameter of the RM Form...

CVSS 8.8 · AI score 9.7 · EPSS 0.00821
Exploits: 0 · References: 6

Positive Technologies
added 2024/04/09 12:00 a.m. · 4 views

PT-2024-15149 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of...

CVSS 8.8 · AI score 9.4 · EPSS 0.00821
Exploits: 0 · References: 6

Positive Technologies
added 2024/04/07 12:00 a.m. · 5 views

PT-2024-25743 · Sourcecodester · Sourcecodester Online Courseware

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Courseware version 1.0 Description: A critical issue has been found in the software, affecting the file admin/deactivatestud.php. The manipulation of the selector argument leads to SQL injection. This issue can be...

CVSS 9.8 · AI score 7.2 · EPSS 0.0068
Exploits: 1 · References: 6

CNNVD
added 2024/04/05 12:00 a.m. · 1 view

Aplaya Beach Resort Online Reservation System SQL Injection Vulnerability

Aplaya Beach Resort Online Reservation System is the online room reservation system of Aplaya Beach Resort. SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 has a SQL injection vulnerability that originates from a SQL injection in the id parameter of the...

CVSS 9.8 · AI score 7.9 · EPSS 0.00897
Exploits: 1 · References: 5

OSV
added 2024/04/03 12:15 p.m. · 5 views

CVE-2024-3255

A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/editadminquery.php. The manipulation of the argument username/password/name/adminid leads to SQL injection. It is possible to...

CVSS 7.2 · AI score 5.7 · EPSS 0.00758
Exploits: 1 · References: 4

Exploit DB
added 2024/04/02 12:00 a.m. · 445 views

Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)

Exploit Title: Employee Management System 1.0 - txtusername and txtpassword SQL Injection Admin Login Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version:...

AI score 9.6
Exploits: 3

Positive Technologies
added 2024/03/29 12:00 a.m. · 4 views

PT-2024-23416

Name of the Vulnerable Software and Affected Versions Metagauss ProfileGrid versions through 5.7.8 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

CVSS 9.8 · AI score 9.1 · EPSS 0.02267
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/28 12:00 a.m. · 4 views

PT-2024-15936 · WordPress · Wp Erp

Name of the Vulnerable Software and Affected Versions: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress versions up to, and including, 1.12.9 Description: The issue is related to time-based SQL Injection via the id parameter in the...

CVSS 7.2 · AI score 9.6 · EPSS 0.00547
Exploits: 0 · References: 9

CNNVD
added 2024/03/27 12:00 a.m. · 4 views

Online Book System SQL Injection Vulnerability

Online Book System is an online booking system. A SQL injection vulnerability exists in code-projects Online Book System version 1.0, which originates from a SQL injection vulnerability in the value parameter of the /Product.php file...

CVSS 9.8 · AI score 7 · EPSS 0.00766
Exploits: 1 · References: 5

NVD
added 2024/03/21 2:52 a.m. · 16 views

CVE-2024-27916

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...

CVSS 7.1 · AI score 6.8 · EPSS 0.00666
Exploits: 1 · References: 4

CNNVD
added 2024/03/20 12:00 a.m. · 5 views

WordPress Plugin Advanced Form Integration Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.1 · AI score 7.7 · EPSS 0.01653
Exploits: 2 · References: 5

Cvelist
added 2024/03/06 8:21 p.m. · 21 views

CVE-2024-27916 `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...

CVSS 7.1 · AI score 7 · EPSS 0.00666
Exploits: 1 · References: 4

Positive Technologies
added 2024/03/01 12:00 a.m. · 2 views

PT-2024-18687 · Sourcecodester · Sourcecodester Petrol Pump Management

Name of the Vulnerable Software and Affected Versions: SourceCodester Petrol Pump Management Software version 1.0 Description: A critical issue has been found in the software, affecting the processing of the file /admin/edit categories.php. The manipulation of the id argument leads to sql...

CVSS 7.2 · AI score 5.5 · EPSS 0.00547
Exploits: 0 · References: 8

OSV
added 2024/02/29 7:15 a.m. · 4 views

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL...

CVSS 9.1 · AI score 7.3
Exploits: 0 · References: 3

CNNVD
added 2024/02/28 12:00 a.m. · 4 views

WordPress Plugin Malware Scanner SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 7.6 · AI score 7.8 · EPSS 0.00541
Exploits: 0 · References: 2

CNNVD
added 2024/02/21 12:00 a.m. · 3 views

PMB SQL Injection Vulnerability

PMB is a 100% free document management reference tool from the PMB Services team. A SQL injection vulnerability exists in PMB version v.7.4.7, which originates from a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code via thesaurus parameter in...

CVSS 7.5 · AI score 8.7 · EPSS 0.00919
Exploits: 1 · References: 2

OSV
added 2024/02/12 9:15 p.m. · 1 view

DEBIAN-CVE-2024-23833

OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine version=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...

CVSS 7.5 · AI score 7.8 · EPSS 0.00991
Exploits: 1 · References: 1

BDU FSTEC
added 2024/02/09 12:00 a.m. · 5 views

The vulnerability of the WP Sessions Time Monitoring plugin in the fully automatic WordPress content management system allows attackers to expose protected information.

The vulnerability of the WP Sessions Time Monitoring full-automatic content management system’s plugin is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

CVSS 7.8 · AI score 7.3 · EPSS 0.02221
Exploits: 2 · References: 2 · Affected Software: 1

OSV
added 2024/02/08 9:15 a.m. · 1 view

CVE-2024-1207

The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendarrequestparamsdatesddmmyycsv' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2

CNNVD
added 2024/02/08 12:00 a.m. · 3 views

Novel-Plus SQL Injection Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from a SQL injection vulnerability in the path /system/dataPerm/list...

CVSS 9.8 · AI score 7.9 · EPSS 0.00609
Exploits: 0 · References: 3