161 matches found
Order Tracking Pro < 3.3.7 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape the order status parameter, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...
Canteen Management System SQL注入漏洞
Canteen Management System is a cafeteria management system by Mayuri K. Individual developer. A SQL injection vulnerability exists in SourceCodester Canteen Management System version 1.0, which stems from a security issue in the function query in createCategories.php, which causes SQL injection v...
Logitech Options 跨站请求伪造漏洞
Logitech Options is a powerful and easy-to-use application from Logitech that enhances your Logitech mouse, keyboard, and touchpad. Logitech Options suffers from a cross-site request forgery vulnerability that stems from a failure to properly validate the status parameter of Oauth 2.0. An attacke...
PHP-Fusion 跨站脚本漏洞
Php-fusion PHP-Fusion is an open source lightweight content management system based on MySql and PHP from Malaysia's PHP-Fusion Php-fusion. The system contains modules for news, articles and forums. A security vulnerability exists in PHP-Fusion version 7.02.07, which can be exploited by an attack...
CVE-2021-25076
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...
Anuko Time Tracker SQL Injection Vulnerability
Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being...
CVE-2021-43851
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...
Anuko Time Tracker SQL注入漏洞
Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being...
VulnCheck KEV: CVE-2021-25076
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...
QSAN XEVO Command Injection Vulnerability (CNVD-2021-48920)
QSAN XEVO is a flash data management system from QSAN China. Reduces repetitive tasks and provides complete data analysis. A command injection vulnerability exists in QSAN XEVO that stems from the product's Array function's status parameter not properly filtering input data for special characters...
CVE-2021-32530
OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0...
CVE-2021-32530
OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0...
CVE-2020-27240
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-27239
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability...
Revive Adserver 跨站脚本漏洞
Revive Adserver is an open source ad server under the GNU General Public License license with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the status parameter in...
CVE-2020-25033
The Blubrry subscribe-sidebar aka Subscribe Sidebar plugin 1.3.1 for WordPress allows subscribesidebar.php&status= reflected XSS...
PT-2020-15901 · Blubrry · Blubrry Subscribe-Sidebar Plugin
Name of the Vulnerable Software and Affected Versions: Blubrry subscribe-sidebar plugin version 1.3.1 Description: The issue allows for reflected XSS in the subscribe-sidebar.php file. This can be exploited through the status parameter. Recommendations: For version 1.3.1, update to a newer versio...
CVE-2020-15617
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the status parameter, the...
PT-2020-14540 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax list accounts.php file,...
The vulnerability of the OAuth2 extension for the software environment used to implement the MediaWiki hypertext environment allows a hacker to perform cross-site request forgeing attacks.
The vulnerability of the OAuth2 extension for implementing the MediaWiki hypertext environment is related to the absence of a check on the OAuth2 status parameter in the callback function. Exploiting this vulnerability allows a malicious actor to perform cross-site forged requests...