Lucene search
+L

125 matches found

Vulnrichment
Vulnrichment
added 2024/02/28 1:12 p.m.17 views

CVE-2024-25932 WordPress Change Table Prefix plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.This issue affects Change Table Prefix: from n/a through = 2.0...

4.3CVSS6.7AI score0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.5 views

PT-2024-21226 · Unknown · Change Table Prefix

Name of the Vulnerable Software and Affected Versions: Change Table Prefix versions through 2.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the...

8.8CVSS9.4AI score0.00279EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/02/23 12:0 a.m.20 views

Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form

Description The Change Table Prefix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'changeprefixform' function. This makes it possible for unauthenticated attackers to toggle...

8.8CVSS6.3AI score0.00279EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/02/20 12:0 a.m.17 views

WordPress Change Table Prefix Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Change Table Prefix Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-25932 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3132be596954 Credits Nguyen Xuan Chien...

8.8CVSS6.6AI score0.00279EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.4 views

SUSE CVE-2013-3238

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a pregreplace function call within the "Replace table prefix" feature...

6CVSS7.8AI score0.28851EPSS
Exploits14References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.5 views

SUSE CVE-2015-9230

In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter...

4.8CVSS6.2AI score0.01576EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2022/08/09 10:29 a.m.481 views

Exploit for SQL Injection in Prestashop Blockwishlist

CVE-2022-31101 Exploit for PrestaShop bockwishlist module 2.1...

8.8CVSS8.3AI score0.24146EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2022/04/25 12:0 a.m.7 views

PT-2022-13251 · WordPress · Flo-Launch

Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...

9.8CVSS9.4AI score0.01677EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2021/06/24 12:0 a.m.6 views

PT-2021-10201 · Gnuboard5 · Gnuboard5

Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.2.8 Description: The issue is related to a SQL Injection vulnerability. It can be exploited via the table prefix parameter in the install db.php file. Recommendations: For versions prior to 5.3.2.8, update to a...

9.8CVSS8.2AI score0.05377EPSS
Exploits4References6
CNNVD
CNNVD
added 2021/06/24 12:0 a.m.6 views

GNUBOARD5 SQL注入漏洞

GNUBOARD5 is a Web forum system based on PHP and MySQL. A SQL injection vulnerability exists in GNUBOARD5 5.3.2.8 and earlier versions. The vulnerability can be exploited to conduct SQL injection attacks via the tableprefix parameter in installdb.php...

9.8CVSS5.9AI score0.05377EPSS
Exploits4References6
CNVD
CNVD
added 2018/07/26 12:0 a.m.6 views

Arbitrary Code Execution Vulnerability in GolemCMS

GolemCMS is a PHP-based content management system CMS. An arbitrary code execution vulnerability exists in GolemCMS version 2008-12-24 and earlier. A remote attacker can execute arbitrary PHP code or obtain sensitive information by sending a direct request to the 'Table prefix' form field in...

9.8CVSS9.8AI score0.01604EPSS
Exploits1References1
OSV
OSV
added 2018/07/24 2:29 p.m.2 views

CVE-2018-14579

GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for...

9.8CVSS6.1AI score
Exploits0References1
CNVD
CNVD
added 2017/09/13 12:0 a.m.4 views

WordPress BulletProof Security Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on PHP and MySQL servers.BulletProof Security is one of the security plug-ins against brute-force cracking. A cross-site scripting vulnerability exists in the...

4.8CVSS4.9AI score0.01576EPSS
Exploits1References1
myhack58
myhack58
added 2014/07/09 12:0 a.m.18 views

dz7. 2 faq. php vulnerability storm table prefix-vulnerability warning-the black bar safety net

action=grouppermission&gids9 9='&gids1 0 00= andselect 1 fromselect count,concatselect select SELECT distinct concathextablename FROM informationschema. the tables where tableschema=database limit 0,1 from informationschema. tables limit 0,1,floorrand02x from informationschema. tables group by xa...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.35 views

LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

exV2 <= 2.0.4.3 - (sort) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' ------------------------------------------------------------------------------- exV2 = 2.0.4.3 sort SQL injection / administrative credentials disclosure exploit mail: [email protected] site:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

WP Comment Remix 1.4.3 - Remote SQL Injection Exploit

No description provided by source. ?php / WP Comment Remix 1.4.3 SQL Injection Proof of Concept By g30rg3x g30rg3xatchxsecuritydotorg Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

ibProArcade <= 3.3.0 - Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl ibProArcade = v3.3.0 sql injection exploit coded by 1dt.w0lf RST/GHC THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; BEGIN if$^O eq 'MSWin32' require Win32::Console;...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

YAP 1.1.1 - Blind SQL Injection/SQL Injection Vulnerabilities

No description provided by source. + YAP 1.1.1 Blind SQL Injection/SQL Injection + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Blind SQL Injection The default prefix for database tables is yap .But can be changed at installation. PoC : http://127.0.0.1/path/comments.php?imageid...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

X7 Chat <= 2.0.4 (old_prefix) Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo X7 Chat =2.0.4 'oldprefix' blind SQL injection / privilege escalation exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \Powered By X7 Chat\r\n\r\n; if $argc3...

7.1AI score
Exploits0
Rows per page
Query Builder