31 matches found
📄 Frappe Framework 15.56.1 SQL Injection
Frappe Framework version 15.56.1 suffers from a remote SQL injection vulnerability. An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.getlist API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields...
PT-2024-39573 · Intelbras · Intelbras Incontrol
Name of the Vulnerable Software and Affected Versions: Intelbras InControl versions up to 2.21.57 Description: A critical issue affects some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the fields argument leads to code...
PT-2024-39077
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7 Description: The issue allows unauthenticated attackers to perform SQL Injection via the c fields parameter of the "/wp-json/lp/v1/courses/archive-course" REST API endpoin...
The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system is related to the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queri...
FunAdmin SQL注入漏洞
FunAdmin is FunAdmin open source based on ThinkPHP6 + Layui development of a lightweight high-profile back-end development system . Funadmin version 3.2.0 there is a security vulnerability , the vulnerability stems from the memberMemberLevel.php selectFields parameter found to contain SQL injecti...
CVE-2022-4158
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive...
PT-2022-25953 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue arises from the failure to escape the cg Fields POST parameter before it is concatenated to an...
CVE-2021-24755
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user...
CVE-2020-29139
A SQL injection vulnerability in interface/main/finder/patientselect.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter...
SQL injection vulnerability in fields parameter under source/ajax.php file of doyocms system
DOYO universal station-building system using PHP and MYSQL development, is a free open source CMS station-building, enterprise station-building system , can be widely used for personal, business, government, institutions and many other website construction. doyocms system source/ajax.php file und...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the formfields parameter in a 1 doedit or 2 doinsert action to wp-admin/admin-ajax.php...