Lucene search
K

345 matches found

ATTACKERKB
ATTACKERKB
added 2025/11/07 12:0 a.m.3 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

10CVSS6.3AI score0.00839EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.3 views

money-pos 安全漏洞

money-pos McNee Cashiering System is a cashiering system by the individual developer of McNeeMoney. A security vulnerability exists in money-pos, which stems from a SQL injection vulnerability in the orderby parameter that could lead to the execution of arbitrary code...

10CVSS8AI score0.00839EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/07 12:0 a.m.2 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

8.4AI score0.00839EPSS
Exploits1References3
CVE
CVE
added 2025/11/07 12:0 a.m.25 views

CVE-2025-63689

CVE-2025-63689 affects the ycf1998 money-pos system prior to commit 11f276bd20a41f089298d804e43cb1c39d041e59. Multiple SQL injection vulnerabilities exist in the orderby parameter, enabling a remote attacker to execute arbitrary code. Root cause: unsafely constructed SQL with user-controlled orde...

10CVSS8.4AI score0.00839EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.5 views

PT-2025-45425

Name of the Vulnerable Software and Affected Versions DedeBIZ versions up to 6.3.2 Description A flaw exists in DedeBIZ that allows for remote SQL injection. The issue is located in the /admin/freelist main.php file, within an unknown function. Manipulating the orderby argument can trigger the...

5.8CVSS5AI score0.00296EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/07 12:0 a.m.9 views

CVE-2025-63689

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 2025-09-14 allows a remote attacker to execute arbitrary code via the orderby parameter...

0.00839EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.13 views

DedeBIZ 安全漏洞

DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A security vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from an incorrect manipulation of the parameter orderby in the file /admin/freelistmain.php, which could lead to a SQL injection...

7.2CVSS5.5AI score0.00296EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/23 9:13 a.m.12 views

CVE-2025-10047

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...

4.9CVSS5.9AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 9:15 a.m.5 views

CVE-2025-10047

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...

4.9CVSS0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/22 8:27 a.m.7 views

EUVD-2025-35320

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.12 due to insufficient escaping on the user supplied parameter and...

4.9CVSS6.1AI score0.00334EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/22 8:27 a.m.3 views

CVE-2025-10047 Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...

4.9CVSS5.9AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 8:27 a.m.12 views

CVE-2025-10047 Email Tracker <= 5.3.15 - Authenticated (Admin+) SQL Injection

The Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 5.3.15 due to insufficient escaping on the user supplied parameter and...

4.9CVSS0.00334EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 8:27 a.m.22 views

CVE-2025-10047

CVE-2025-10047 refers to a SQL Injection vulnerability in the WordPress plugin Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails . The issue exists in all versions up to and including 5.3.12 and stems from insufficient escaping of the user-sup...

4.9CVSS5.9AI score0.00334EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/12 8:23 a.m.11 views

CVE-2025-10185

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS6.4AI score0.00297EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/11 9:30 a.m.6 views

EUVD-2025-33815

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.9AI score0.00297EPSS
Exploits0References4
NVD
NVD
added 2025/10/11 8:15 a.m.14 views

CVE-2025-10185

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS0.00297EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/11 7:25 a.m.10 views

CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/11 7:25 a.m.4 views

CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS6AI score0.00297EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/11 12:0 a.m.8 views

PT-2025-41642

Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.6 Description The software is susceptible to SQL Injection through the orderby parameter within the nf load form entries action. Insufficient input sanitization and inadequat...

4.9CVSS7.2AI score0.00297EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/10 1:32 a.m.5 views

CVE-2025-60265

In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability...

6.5CVSS8.1AI score0.0024EPSS
Exploits1References1
Rows per page
Query Builder