Lucene search
K

6 matches found

Prion
Prion
added 2021/06/14 2:15 p.m.16 views

Sql injection

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...

6.5CVSS8.9AI score0.01586EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/06/14 1:37 p.m.26 views

CVE-2021-24341 Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...

9.2AI score0.01586EPSS
Exploits2References2
CVE
CVE
added 2021/06/14 1:37 p.m.78 views

CVE-2021-24341

CVE-2021-24341 affects the WordPress Xllentech English Islamic Calendar plugin (before 2.6.8). The issue stems from unsanitised year_number and month_number POST parameters used directly in a SQL statement during the delete date operation, enabling SQL injection. Exploitation details are not prov...

8.8CVSS9AI score0.01586EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.5 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Xllentech English Islamic Calendar plugin prior to...

8.8CVSS6.1AI score0.01586EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/05/27 12:0 a.m.18 views

WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions = 2.6.7. Solution Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version at least 2.6.8...

8.8CVSS2.9AI score0.01586EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.142 views

Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the plugin, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. POST /wp-admin/options-general.php?page=xllentechoptionstab4 HTTP/1.1 Content-Length: 220 Cache-Control:...

8.8CVSS1.2AI score0.01586EPSS
Exploits2References1
Rows per page
Query Builder