463 matches found
PT-2024-36638 · Ydesignservices · Yds Support Ticket System
Name of the Vulnerable Software and Affected Versions: ydesignservices YDS Support Ticket System versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, allowing attackers to execute malicious SQL commands. This is due to the improper neutralization of specia...
WordPress plugin YDS Support Ticket System SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
WordPress YDS Support Ticket System plugin <= 1.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin YDS Support Ticket System versions = 1.0...
CVE-2024-54274
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Octrace WordPress HelpDesk & Support Ticket System Plugin – Octrace Support octrace-support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace...
Code-Projects Concert Ticket Ordering System 注入漏洞
Code-Projects Concert Ticket Ordering System is a Code-Projects open source concert ticket ordering system. Code-Projects Concert Ticket Ordering System version 1.0 suffers from an injection vulnerability that originates from the parameter mai in the file /tourcor.php, which can lead to SQL...
CVE-2024-10627
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...
CVE-2024-10627
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...
CVE-2024-10625
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2024-10627
CVE-2024-10627 affects WooCommerce Support Ticket System for WordPress. The vulnerability is an arbitrary file upload flaw caused by missing file type validation in the ajax_manage_file_chunk_upload() function, present in all versions up to 17.7. The issue allows unauthenticated attackers to uplo...
CVE-2024-10627 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...
CVE-2024-10627 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...
CVE-2024-10626
CVE-2024-10626 affects WooCommerce Support Ticket System for WordPress (plugin) up to version 17.7. Root cause: insufficient file path validation in delete_uploaded_file(), allowing authenticated users with Subscriber+ privileges to delete arbitrary files (e.g., wp-config.php). Impact: potential ...
CVE-2024-10626 WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteuploadedfile function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-10625 WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...
WordPress plugin WooCommerce Support Ticket System 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...
WordPress plugin WooCommerce Support Ticket System 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...
WordPress plugin WooCommerce Support Ticket System 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
WordPress WooCommerce Support Ticket System plugin <= 17.7 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin WooCommerce Support Ticket System versions = 17.7...
WordPress WooCommerce Support Ticket System plugin <= 17.7 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin WooCommerce Support Ticket System versions = 17.6...
WordPress WooCommerce Support Ticket System Plugin <= 17.7 is vulnerable to Arbitrary File Upload
Software WooCommerce Support Ticket System Type Plugin Vulnerable versions = 17.7 Fixed in 17.8 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10627 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8e050fff0484 Credits Tonn Required privilege...