3100 matches found
Path Traversal
opendiamond is vulnerable to path traversal. The vulnerability exists due to a lack of sanitization of the Flask send_file function, allowing an attacker to traverse through the directory via the objpath...
Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
The plugin does not sanitise and escape plugin settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Plugin settings Style Settings button border radius or other field put to input field: alert'XSS'; Text &...
Exploit for Improper Restriction of XML External Entity Reference in Zohocorp Manageengine_Adaudit_Plus
Code to support my CVE-2022-28219 analysis https://attackerk...
Library Management System With QR Code 1.0 Shell Upload Vulnerability
Title: Library Management System with QR code AttendanceFile Upload RCE Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
Exploit for Improper Restriction of XML External Entity Reference in Zohocorp Manageengine_Adaudit_Plus
CVE-2022-28219 POC for CVE-2022-28219 affecting ManageEngine A...
CVE-2022-30117
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
Download Manager < 3.2.48 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the 'Insert URL' field, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Note: The attempted fixes made in 3.2.46 and 3.2.47 were found to be insufficient. As a contributor, create/edit a download and pu...
Cache Images < 3.2.1 - Image Upload / Import via CSRF
The plugin does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. Allows import of any images with any user level. document.getElementById"test".submit; document.getElementById"test".submit; document.getElementById"test".submit;...
Photo Gallery by Supsystic < 1.15.6 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Gravity PDF < 6.3.1 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=gfeditforms&view=settings&subview=pdf&id=1&a'alert/XSS/...
404 to 301 < 3.1.2 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=jj4t3-logs&a"alert/XSS/...
WP All Export < 1.3.6 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=pmxe-admin-manage&a"alert/XSS/...
Rescue Dispatch Management System SQL Injection Vulnerability (CNVD-2022-53916)
Rescue Dispatch Management System is a rescue dispatch management system developed by Carlo Montero. v1.0 of Rescue Dispatch Management System is vulnerable to SQL injection, which originates from /rdms/admin/incidents/viewincident.php?id=. The page lacks validation for external input SQL...
Confluence OGNL Injection Remote Code Execution
!/usr/bin/python3 Exploit Title: Confluence Pre-Auth Remote Code Execution via OGNL Injection Google Dork: N/A Date: 06/006/2022 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.4.17...
Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus onfocus=alert/XSS//...
Qubely < 1.8.1 - Authenticated Arbitrary Settings Update
The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber in versions 1.7.9 or contributor in v 1.8.1 to update them. As a subscriber: nonce can be taken from the qubelylocalscript-js-extra script on the homepage...
XCloner < 4.3.6 - Plugin Settings Reset
The plugin does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. v4.3.5 added a capability check, but the CSRF one is still missing. v...
Microweber CMS 1.2.15 - Account Takeover
Exploit Title: Microweber CMS 1.2.15 - Account Takeover Date: 2022-05-09 Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631...
Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting. POST /wp-admin/admin.php?page=simple-woocommerce-csv-loader%2Fadmin%2FCSVLoader.php HTTP/1.1 Accept:...
HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload
The plugin does not have authorisation and CSRF checks when importing files, and does not validate them. As a result, unauthenticated attackers can upload arbitrary files such as PHP on the remote server. await fetch"https://example.com/wp-admin/admin.php?page=html2wp-settings", "headers":...