62 matches found
CVE-2023-0555
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
Authorization
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...
PT-2023-16359 · WordPress · Quick Restaurant Menu
Name of the Vulnerable Software and Affected Versions: The Quick Restaurant Menu plugin for WordPress versions up to, and including, 2.0.2 Description: The issue allows authenticated attackers with subscriber-level permissions and above to bypass authorization and invoke actions intended for...
CVE-2021-40956
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained...
CVE-2021-40956
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained...
Sql injection
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained...
CVE-2021-40956
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained...
CVE-2021-40956
CVE-2021-40956 affects LaiKetui v3.5.0, with SQL injection via the menu management function in the background that can expose sensitive data. This corresponds to multiple sources confirming SQL injection in LaikeTui v3.5.0. No explicit exploitation details or patched version are provided in the c...
LaikeTui SQL注入漏洞
LaikeTui Laike e-commerce is a stable and small open source mall system for individual developers. A security vulnerability exists in LaikeTui v3.5.0. Attackers use this vulnerability through the menu management function in the background of the SQL injection attack , in order to obtain sensitive...
Fast Food Ordering System SQL注入漏洞
Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/menus/managemenu.php?id= The page lacks validation for external input SQL statements, which...
WTCMS Cross-Site Scripting Vulnerability (CNVD-2021-69271)
WTCMS is a content management system CMS based on ThinkPHP.A cross-site scripting vulnerability exists in the link fields under the menu management module of the WTCMS backend. No detailed vulnerability details are provided at this time...
CVE-2020-20348
WTCMS 1.0 contains a stored cross-site scripting XSS vulnerability in the link field under the background menu management module...
Cross site scripting
WTCMS 1.0 contains a stored cross-site scripting XSS vulnerability in the link field under the background menu management module...
CVE-2020-20348
WTCMS 1.0 contains a stored cross-site scripting XSS vulnerability in the link field under the background menu management module...
WTCMS 跨站脚本漏洞
WTCMS is a content management system CMS based on ThinkPHP.A cross-site scripting vulnerability exists in the link fields under the menu management module of the WTCMS backend. No detailed vulnerability details are provided at this time...
spring-boot-admin 跨站脚本漏洞
spring-boot-admin is an open source backend management system based on Spring boot Mybatis , with user management , menu management and role management 3 functions , permission control to the button level . spring-boot-admin There is a security vulnerability that can be exploited by attackers to...
Microsoft Window Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation Exploit
Exploit for windows platform in category local exploits include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall...
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Manager 7 x86 - Menu Management Component UAF Privilege Elevation...
Acuity CMS 2.7.1 - SQL Injection Vulnerability
No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...
XDcms Sql Injection 55-63
简要描述: Sql Injection 详细说明: 注入在XDCMS企业管理系统后台的菜单管理处,\system\modules\xdcms\menu.php文件: 用户在添加或者管理菜单时会调用addsave和editsave函数,9个注入点就出现在这两个函数里 addsave函数: public function addsave $title=$POST'title';//注入点1 $sort=intval$POST'sort'; $isshow=$POST'isshow';//注入点2 $groupid=$POST'groupid';//注入点3...