2828 matches found
WordPress YDS Support Ticket System plugin <= 1.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin YDS Support Ticket System versions <= 1.0...
CVE-2024-11713
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportaldeactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...
WordPress plugin WP Job Portal SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2024-11837
Improper Neutralization of Special Elements used in an N1QL Command 'N1QL Injection' vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1...
PlexTrac security vulnerability
PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1 that stems from improper neutralization of special elements used in N1QL commands, resulting in N1QL injecti...
CVE-2024-12480
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible...
CVE-2024-12484
A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...
1000 Projects Attendance Tracking Management System injection vulnerability
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from the parameter adminusername in the file...
PT-2024-16986 · WordPress · Sql Chart Builder
Name of the Vulnerable Software and Affected Versions: SQL Chart Builder plugin for WordPress versions up to, and including, 2.3.6 Description: The issue arises from insufficient escaping on the user-supplied arg1 parameter and lack of sufficient preparation on the existing SQL query in the gvn...
Nette Database security vulnerability
Nette Database is a Nette open source database layer with a familiar PDO-like API but more powerful features. A security vulnerability exists in Nette Database 3.2.4 and earlier versions, which stems from the presence of a SQL injection vulnerability that allows an attacker to manipulate the...
CVE-2024-54934
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteclass.php...
PT-2024-36093 · Unknown · Roninwp Revy
Name of the Vulnerable Software and Affected Versions: Roninwp Revy versions 1.18 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability affects the Roninwp Revy...
WordPress plugin Beautiful taxonomy filters SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress KiviCare – Clinic & Patient Management System (EHR) plugin <= 3.6.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin KiviCare versions <= 3.6.4...
WordPress plugin KiviCare SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin FAT Services Booking SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Django security vulnerability
Django is an open source web application framework based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. Django suffers from a security vulnerability that stems from the vulnerability to SQL...
PT-2024-17220 · WordPress · Bp Profile Shortcodes Extra
Name of the Vulnerable Software and Affected Versions: BP Profile Shortcodes Extra plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is related to time-based SQL Injection via the tab parameter due to insufficient escaping on the user-supplied parameter and lack of...
GHSA-M7XQ-9374-9RVX Mongoose search injection vulnerability
Mongoose versions prior to 8.8.3, 7.8.3, 6.13.5, and 5.13.23 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthoriz...
Vulnerabilities fixed in Zabbix
Zabbix has fixed vulnerabilities in the Zabbix server and frontend. The vulnerabilities include a stack buffer overflow in the zbxsnmpcachehandleengineid function, which can lead to execution of arbitrary code or a denial of service. In addition, there is an SQL injection vulnerability that allow...