291 matches found
Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS
----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/selio-wp/wp-admin/admin.php?page=ownlistingaddlisting=21 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use 'ENQUIRY FORM' on the right sidebar. Or you...
CVE-2019-15566
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java...
CVE-2019-10687
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id= request...
CVE-2019-13462
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection...
CVE-2019-12838
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection...
CVE-2019-12838
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection...
CVE-2019-13489
Trape through 2019-05-08 has SQL injection via the data2 variable in core/db.py, as demonstrated by the /bs t parameter...
CVE-2019-9846
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection...
CVE-2019-9086
HotelDruid before v2.3.1 has SQL Injection via the /visualizzatabelle.php anno parameter...
CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...
CVE-2019-11880
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo : https://github.com/blondishnet/PHPads/blob/master/readme.txt + Contact:...
CVE-2019-9566
FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request...
CVE-2019-8360
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data2.php cate parameter...
CVE-2018-19559
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the referenceid parameter...
WordPress 4.8.x < 4.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A flaw in $wpdb-prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting XSS vulnerabilities...
CVE-2018-18476
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...
CVE-2018-17575
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter...
CVE-2018-16410
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php...
CVE-2018-16385
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string...