Lucene search
K

110 matches found

Cvelist
Cvelist
added 2025/03/07 6:40 a.m.23 views

CVE-2025-1475 WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

9.8CVSS0.00597EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 3:8 a.m.7 views

CVE-2024-6328

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...

9.8CVSS6.9AI score0.0067EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/20 12:0 a.m.4 views

WordPress plugin Feedify – Web Push Notifications 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

6.1CVSS7.7AI score0.00352EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.4 views

PT-2024-17267 · WordPress · Feedify – Web Push Notifications

Name of the Vulnerable Software and Affected Versions: The Feedify – Web Push Notifications plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Reflected Cross-Site Scripting via the platform, phone, email, and store url parameters due to insufficient...

6.1CVSS8.7AI score0.00352EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.5 views

CodeAstro Hospital Management System 安全漏洞

CodeAstro Hospital Management System is a hospital management system from CodeAstro, Inc. A security vulnerability exists in CodeAstro Hospital Management System version 1.0 that stems from incorrect manipulation of the parameters vname, vadr, vnumber, vemail, vphone, and vdesc can lead to...

5.4CVSS4.4AI score0.00454EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/11/23 12:0 a.m.6 views

PT-2024-17147 · Unknown · Code-Projects Simple Car Rental System

Name of the Vulnerable Software and Affected Versions: code-projects Simple Car Rental System version 1.0 Description: A critical issue has been found in the code-projects Simple Car Rental System. The problem is related to an unknown function of the file /book car.php, where the manipulation of...

9.8CVSS7.8AI score0.00784EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/11/23 12:0 a.m.6 views

Code-Projects Simple Car Rental System 注入漏洞

Code-Projects Simple Car Rental System is an open source car rental software from Code-Projects. An injection vulnerability exists in Code-Projects Simple Car Rental System version 1.0, which stems from incorrect manipulation of the parameters fname, idno, gender, email, phone, and location can...

9.8CVSS7.9AI score0.00784EPSS
Exploits1References5
CNVD
CNVD
added 2024/11/11 12:0 a.m.3 views

Teachers Record Management System add-teacher.php File SQL Injection Vulnerability

Teachers Record Management System is a teacher record management system. Teachers Record Management System is vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability in the add-teacher.php file via a cell phone number or email parameter. No detail...

9.1CVSS8AI score0.00493EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.5 views

PHPGurukul Teachers Record Management System 安全漏洞

Teachers Record Management System is a teacher record management system. Teachers Record Management System is vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability in the add-teacher.php file via a cell phone number or email parameter. No detail...

9.1CVSS7.9AI score0.00493EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.5 views

AreaLoad SQL注入漏洞

AreaLoad is an open source job upload platform written in PHP by Lizihu Utopia LUNA Association. AreaLoad suffers from an SQL injection vulnerability that stems from the parameter phone in the file request.php that can lead to SQL injection...

5.5CVSS6.4AI score0.00291EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.7 views

PT-2024-10604 · Unknown · Lunad3V Areaload

Name of the Vulnerable Software and Affected Versions: LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec Description: A critical issue affects the processing of the file request.php, where the manipulation of the phone argument leads to sql injection. The estimated number of...

5.5CVSS7.6AI score0.00291EPSS
Exploits0References7
OSV
OSV
added 2024/10/25 5:15 p.m.6 views

CVE-2022-30360

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS AKA Persistent or Type II vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required...

6.4CVSS5.8AI score0.00274EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.5 views

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the slacki...

6.4CVSS6.4AI score0.00274EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.11 views

PT-2024-11558 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue is related to multiple Stored XSS also known as Persistent or Type II vulnerabilities. These vulnerabilities can be exploited via a POST request to the "/profile/updateProfile" API...

6.4CVSS6.2AI score0.00274EPSS
Exploits1References5
OSV
OSV
added 2024/08/27 10:15 p.m.7 views

CVE-2024-8219

A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has...

9.8CVSS5.8AI score
Exploits0References5
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.7 views

Code-Projects Online Quiz Site SQL注入漏洞

Code-Projects Online Quiz Site is a Code-Projects open source online quiz site. A SQL injection vulnerability exists in Online Quiz Site version 1.0, which stems from a SQL injection caused by operations on the parameters name/phone/email in the file index.php...

9.8CVSS7.8AI score0.00646EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/08/22 12:0 a.m.21 views

CVE-2024-42762

A Stored Cross Site Scripting XSS vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields...

0.00415EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.13 views

CVE-2024-42762

A Stored Cross Site Scripting XSS vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields...

6.3AI score0.00415EPSS
Exploits1References2
OSV
OSV
added 2024/07/12 11:15 a.m.9 views

CVE-2024-6328

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.13 views

PT-2024-37544 · WordPress · Mstore Api

Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.14.7 Description: The issue is due to insufficient verification on the phone parameter of the firebase sms login and firebase sms...

9.8CVSS6.8AI score0.0067EPSS
Exploits0References8
Rows per page
Query Builder