129 matches found
Sql injection
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2022-3689 HTML Forms < 1.3.25 - Admin+ SQLi
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
WordPress plugin HTML Forms SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2022-23685
Name of the Vulnerable Software and Affected Versions HTML Forms WordPress plugin versions prior to 1.3.25 Description The issue is related to a SQL injection that occurs because a parameter is not properly escaped before being used in a SQL statement. This can be exploited by high privilege user...
HTML Forms < 1.3.25 - Admin+ SQLi
The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms&view=edit&formid=formID&tab=submissions Capture the...
HTML Forms < 1.3.25 - Admin+ SQLi
The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms=editid=formID=submissions Capture the request after...
WordPress HTML Forms plugin <= 1.3.24 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Nguyen Duy Quoc Khanh in the WordPress HTML Forms plugin versions = 1.3.24. Solution Update the WordPress HTML Forms plugin to the latest available version at least 1.3.25...
GHSA-FCG8-MG9G-6HC4 .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
Denial Of Service (DoS)
.NET and Visual Studio is vulnerable to Denial of Service. The vulnerability exists due to a flaw was found in dotnet allowing an attacker to crash the system by parsing HTML forms...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
CVE-2022-29145
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
Librenms 跨站脚本漏洞
Librenms is a PHP and MySQL based open source network monitoring system for the Librenms community. The system features custom alerts, auto-discovery of network environments, and automatic updates.Librenms suffers from a cross-site scripting vulnerability that originates in...
CVE-2019-19987
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...
Cross site request forgery (csrf)
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...
CVE-2019-19987
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...