WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability

Authenticated Arbitrary File Read via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...

WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability

Authenticated Arbitrary File Creation via Export function vulnerability discovered by Rafie Muhammad aka Yeraisci Patchstack Alliance in WordPress GiveWP plugin versions = 2.20.2. Solution Update the WordPress GiveWP plugin to the latest available version at least 2.21.0...

WordPress RSVP and Event Management plugin访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WordPress RSVP and Event Management plugin is vulnerable to an access control error that results from...

CVE-2022-1054

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and emai...

WordPress plugin RSVP and Event Management Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WordPress RSVP and Event Management plugin is vulnerable to an access control error that results from...

PT-2025-45364

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.12.6 Description SuiteCRM’s export functionality has a SQL injection issue due to a failure to sanitize SQL query structure when processing the uid parameter. Successful exploitation could allow a remote,...

GHSA-3QPG-33WR-533J Improper Restriction of XML External Entity Reference in Magnolia CMS

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file...

GHSA-65HP-4VXR-C356 Arbitrary code execution in Magnolia CMS

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file...

CVE-2021-46363

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel...

CVE-2021-46363

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel...

CVE-2021-46365

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...

CVE-2021-46365

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...

CVE-2021-46363

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel...

Xxe

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...

Design/Logic Flaw

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel...

CVE-2021-46365

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...

CVE-2021-46365

CVE-2021-46365 affects Magnolia CMS v6.2.3 and earlier, where the Export function processes crafted XLF files enabling XML External Entity (XXE) attacks. The reported impact is high (CVSS 3.1: High) with local exploitability and potential high confidentiality/integrity/availability impact as per ...

CVE-2021-46363

Magnolia CMS vulnerability CVE-2021-46363 affects Magnolia v6.2.3 and earlier, where the Export function can be abused to trigger Formula Injection via crafted CSV/XLS files, potentially leading to arbitrary code execution when opened in Excel. Impact is associated with local/ content-based execu...

CVE-2021-24915

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections...

Ericsson Network Location Mps Gmpc21 命令注入漏洞

Ericsson Network Location Mps Gmpc21 is a network mobile positioning system from Ericsson, Sweden. Ericsson Network Location MPS GMPC21 suffers from a command injection vulnerability that arises from the lack of filtering and escaping of SQL statements in the file name query in the export functio...