
5716 matches found

Positive Technologies
added 2022/06/13 12:0 a.m. · 5 views

PT-2022-14123 · WordPress · Export Any Wordpress Data To Xml/Csv

Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.3.5. Description: The issue arises from the lack of sanitization of the cpt POST parameter when exporting post data, which is then used in a database query. This leads t...

7.2 CVSS · 7.2 AI score · 0.0124 EPSS
Exploits 2 · References 5

Positive Technologies
added 2022/06/13 12:0 a.m. · 6 views

PT-2022-14100

Name of the Vulnerable Software and Affected Versions: carrcommunications rsvpmaker versions 9.3.2 and earlier. Description: An unauthenticated SQL injection flaw exists in the rsvpmaker-email.php file. This allows for database extraction with minimal barriers to access. It is estimated that over...

9.8 CVSS · 7.2 AI score · 0.12003 EPSS
Exploits 3 · References 12

CNNVD
added 2022/06/10 12:0 a.m. · 3 views

phplist SQL injection vulnerability

phplist is a suite of open source newsletter and email marketing software from the UK-based phplist. Version 3.2.6 of phplist contains a security vulnerability that can be exploited by attackers to conduct SQL injection attacks...

7.2 CVSS · 5.9 AI score · 0.00806 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2022/06/09 12:15 p.m. · 6 views

CVE-2022-23169

Attacker needs to craft a SQL payload. The vulnerable parameter is "agentid". Must be authenticated to the admin panel...

7.2 CVSS · 7.1 AI score · 0.00408 EPSS
Exploits 0 · References 2 · Affected Software 1

ATTACKERKB
added 2022/06/08 10:15 a.m. · 3 views

CVE-2022-1690

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...

4 CVSS · 5.8 AI score · 0.00764 EPSS
Exploits 2 · References 3

ATTACKERKB
added 2022/06/08 10:15 a.m. · 2 views

CVE-2022-1683

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection, and is exploitable by any authenticated user and not just Author+ like the original advisory mentions, due to the fact that they ca...

8.8 CVSS · 7.4 AI score · 0.0151 EPSS
Exploits 2 · References 3

CNNVD
added 2022/06/07 12:0 a.m. · 13 views

Virtua Cobranca SQL injection vulnerability

Virtua Cobranca, a CRM software for call centers and collection and finance departments from Virtua Brazil, is vulnerable to SQL injection in versions prior to Virtua Cobranca 12R. The vulnerability stems from a missing data filter escape in the idusuario parameter in login.php. An attacker could...

7.5 CVSS · 6.3 AI score · 0.29667 EPSS
Exploits 5 · References 7

OSV
added 2022/06/06 11:15 p.m. · 3 views

CVE-2022-30927

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter...

9.8 CVSS · 5.8 AI score · 0.01383 EPSS
Exploits 1 · References 3

OSV
added 2022/06/02 4:15 p.m. · 4 views

CVE-2022-32012

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=...

7.2 CVSS · 5.8 AI score · 0.00946 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2022/06/02 4:15 p.m. · 3 views

CVE-2022-32010

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...

7.2 CVSS · 7.2 AI score · 0.00946 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/06/02 3:15 p.m. · 2 views

CVE-2022-32006

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/viewservice.php?id=...

7.2 CVSS · 7.2 AI score · 0.00958 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/06/02 2:16 p.m. · 2 views

CVE-2022-31984

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=...

7.2 CVSS · 7.2 AI score · 0.04863 EPSS
Exploits 1 · References 3

OSV
added 2022/06/02 2:15 p.m. · 2 views

CVE-2022-31974

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=...

7.2 CVSS · 5.8 AI score
Exploits 0 · References 1

ATTACKERKB
added 2022/06/02 2:15 p.m. · 2 views

CVE-2022-31952

Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=deleteincident...

9.8 CVSS · 5.8 AI score · 0.01081 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/06/02 2:15 p.m. · 3 views

CVE-2022-31975

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=...

7.2 CVSS · 7.2 AI score · 0.04863 EPSS
Exploits 1 · References 3

OSV
added 2022/06/02 2:15 p.m. · 3 views

CVE-2022-31343

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/viewdetails&id=...

9.8 CVSS · 7.4 AI score · 0.01067 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2022/06/02 2:15 p.m. · 2 views

CVE-2022-31351

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manageprice.php?id=...

9.8 CVSS · 7.4 AI score · 0.01081 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/06/02 2:15 p.m. · 2 views

CVE-2022-30826

Wedding Management System v1.0 is vulnerable to SQL Injection via admin\clientassign.php...

7.2 CVSS · 5.9 AI score · 0.00958 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/06/02 2:15 p.m. · 5 views

CVE-2022-30816

elitecms 1.01 is vulnerable to SQL Injection via /admin/editsidebar.php...

9.8 CVSS · 5.9 AI score · 0.01081 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/06/02 2:15 p.m. · 2 views

CVE-2022-30818

Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blogeventsedit.php?id=31...

7.2 CVSS · 5.9 AI score · 0.00958 EPSS
Exploits 1 · References 2