131 matches found
CVE-2022-3689
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2022-3689
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
Sql injection
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2022-3689 HTML Forms < 1.3.25 - Admin+ SQLi
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
WordPress plugin HTML Forms SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2022-23685
Name of the Vulnerable Software and Affected Versions HTML Forms WordPress plugin versions prior to 1.3.25 Description The issue is related to a SQL injection that occurs because a parameter is not properly escaped before being used in a SQL statement. This can be exploited by high privilege user...
HTML Forms < 1.3.25 - Admin+ SQLi
The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms&view=edit&formid=formID&tab=submissions Capture the...
HTML Forms < 1.3.25 - Admin+ SQLi
The plugin does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users PoC Access the submission page on https://example.com/wp-admin/admin.php?page=html-forms=editid=formID=submissions Capture the request after...
WordPress HTML Forms plugin <= 1.3.24 - Auth. SQL Injection (SQLi) vulnerability
Auth. SQL Injection SQLi vulnerability discovered by Nguyen Duy Quoc Khanh in the WordPress HTML Forms plugin versions = 1.3.24. Solution Update the WordPress HTML Forms plugin to the latest available version at least 1.3.25...
.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
GHSA-FCG8-MG9G-6HC4 .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
Denial Of Service (DoS)
.NET and Visual Studio is vulnerable to Denial of Service. The vulnerability exists due to a flaw was found in dotnet allowing an attacker to crash the system by parsing HTML forms...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
dotnet: parsing HTML causes Denial of Service
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
CVE-2022-29145
A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the ASP.NET FormFeature.cs causing a denial of service when HTML forms are parsed...
Librenms 跨站脚本漏洞
Librenms is a PHP and MySQL based open source network monitoring system for the Librenms community. The system features custom alerts, auto-discovery of network environments, and automatic updates.Librenms suffers from a cross-site scripting vulnerability that originates in...
CVE-2019-19987
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...