Lucene search
+L

463 matches found

Positive Technologies
Positive Technologies
added 2024/12/18 12:0 a.m.6 views

PT-2024-36638 · Ydesignservices · Yds Support Ticket System

Name of the Vulnerable Software and Affected Versions: ydesignservices YDS Support Ticket System versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, allowing attackers to execute malicious SQL commands. This is due to the improper neutralization of specia...

8.5CVSS8.3AI score0.00473EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

WordPress plugin YDS Support Ticket System SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.5CVSS8.9AI score0.00473EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/14 8:24 p.m.5 views

WordPress YDS Support Ticket System plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin YDS Support Ticket System versions = 1.0...

8.5CVSS8.1AI score0.00473EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/12/13 3:15 p.m.6 views

CVE-2024-54274

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace...

7.1CVSS0.00418EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.4 views

Code-Projects Concert Ticket Ordering System 注入漏洞

Code-Projects Concert Ticket Ordering System is a Code-Projects open source concert ticket ordering system. Code-Projects Concert Ticket Ordering System version 1.0 suffers from an injection vulnerability that originates from the parameter mai in the file /tourcor.php, which can lead to SQL...

9.8CVSS7.8AI score0.00775EPSS
Exploits1References5
OSV
OSV
added 2024/11/09 4:15 a.m.3 views

CVE-2024-10627

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...

9.8CVSS6.4AI score0.00829EPSS
Exploits0References2
NVD
NVD
added 2024/11/09 4:15 a.m.31 views

CVE-2024-10627

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...

9.8CVSS0.00829EPSS
Exploits0References2
OSV
OSV
added 2024/11/09 4:15 a.m.9 views

CVE-2024-10625

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...

9.1CVSS6.4AI score0.00996EPSS
Exploits0References2
CVE
CVE
added 2024/11/09 3:30 a.m.64 views

CVE-2024-10627

CVE-2024-10627 affects WooCommerce Support Ticket System for WordPress. The vulnerability is an arbitrary file upload flaw caused by missing file type validation in the ajax_manage_file_chunk_upload() function, present in all versions up to 17.7. The issue allows unauthenticated attackers to uplo...

9.8CVSS9.9AI score0.00829EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/09 3:30 a.m.31 views

CVE-2024-10627 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...

9.8CVSS0.00829EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/09 3:30 a.m.10 views

CVE-2024-10627 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...

9.8CVSS8.3AI score0.00829EPSS
Exploits0References2
CVE
CVE
added 2024/11/09 3:18 a.m.65 views

CVE-2024-10626

CVE-2024-10626 affects WooCommerce Support Ticket System for WordPress (plugin) up to version 17.7. Root cause: insufficient file path validation in delete_uploaded_file(), allowing authenticated users with Subscriber+ privileges to delete arbitrary files (e.g., wp-config.php). Impact: potential ...

8.8CVSS8.9AI score0.00905EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/09 3:18 a.m.22 views

CVE-2024-10626 WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteuploadedfile function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00905EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/09 3:18 a.m.13 views

CVE-2024-10625 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...

9.8CVSS8.2AI score0.00996EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.9 views

WordPress plugin WooCommerce Support Ticket System 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

9.8CVSS8.3AI score0.00996EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.5 views

WordPress plugin WooCommerce Support Ticket System 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

8.8CVSS8.4AI score0.00905EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.6 views

WordPress plugin WooCommerce Support Ticket System 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

9.8CVSS8.4AI score0.00829EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/08 10:43 p.m.7 views

WordPress WooCommerce Support Ticket System plugin <= 17.7 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WooCommerce Support Ticket System versions = 17.7...

9.8CVSS7AI score0.00829EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 10:29 p.m.7 views

WordPress WooCommerce Support Ticket System plugin <= 17.7 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin WooCommerce Support Ticket System versions = 17.6...

9.8CVSS7AI score0.00996EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.16 views

WordPress WooCommerce Support Ticket System Plugin <= 17.7 is vulnerable to Arbitrary File Upload

Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.7 Fixed in 17.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10627 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8e050fff0484 Credits Tonn Required privilege...

9.8CVSS7.2AI score0.00829EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder