Lucene search
K

33 matches found

Prion
Prion
added 2024/01/12 9:15 a.m.16 views

Sql injection

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in reviewsearch.php...

7.5CVSS8.8AI score0.01024EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/01/12 12:0 a.m.3 views

Judging Management System security breach

Judging Management System is a review management system by Carlo Montero Personal Developer. A security vulnerability exists in Sourcecodester Judging Management System v1.0, which stems from a SQL injection vulnerability that allows remote attackers to execute arbitrary code and obtain sensitive...

9.8CVSS8.5AI score0.01024EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2023/11/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-10737

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter...

7.2CVSS7.2AI score0.42556EPSS
Exploits2References1
OSV
OSV
added 2023/07/24 11:15 a.m.6 views

CVE-2023-2761

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS5.8AI score0.00717EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/07/24 12:0 a.m.9 views

PT-2023-21247 · WordPress · User Activity Log

Name of the Vulnerable Software and Affected Versions: User Activity Log WordPress plugin versions prior to 1.6.3 Description: The issue arises from the improper sanitization and escaping of the txtsearch parameter in SQL statements on certain admin pages, leading to a SQL injection that can be...

7.2CVSS7.2AI score0.00717EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/07/24 12:0 a.m.6 views

WordPress Plugin User Activity Log SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

7.2CVSS7.2AI score0.00717EPSS
Exploits2References2
Prion
Prion
added 2023/01/13 10:15 a.m.17 views

Sql injection

A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file reviewsearch.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to...

6.5CVSS9.7AI score0.00743EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.4 views

Online Flight Booking Management System SQL注入漏洞

Online Flight Booking Management System is an online booking management system from the individual developer Carlo Montero. SourceCodester Online Flight Booking Management System suffers from a SQL injection vulnerability that originates in the unknown section of the reviewsearch.php file of its...

9.8CVSS7.1AI score0.00743EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2021/08/30 12:0 a.m.11 views

User Activity Log < 1.4.7 - Reflected Cross-Site Scripting

The plugin does not escape the txtsearch parameter before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=useractionlog=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2FXSS%2F%29%2F%2F...

0.1AI score
Exploits0Affected Software1
Prion
Prion
added 2018/05/16 1:29 p.m.27 views

Sql injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter...

6.5CVSS7.3AI score0.42556EPSS
Exploits2References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2014/02/03 12:0 a.m.5 views

NagiosQL txtSearch Parameter Cross-Site Scripting (CVE-2013-6039)

A cross site scripting vulnerability has been reported in NagiosQL. The vulnerability is due to lack of input validation on the txtSearch parameter passed to the hostdependencies.php resource. A remote attacker could exploit this vulnerability by enticing a user to follow a crafted link or view a...

5.8AI score0.01474EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2013/12/09 12:0 a.m.7 views

PT-2013-5935 · Nagios · Nagiosql

Name of the Vulnerable Software and Affected Versions: NagiosQL version 3.2 SP2 Description: The issue is related to multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to various pages,...

4.3CVSS5.8AI score0.01474EPSS
Exploits1References7
Prion
Prion
added 2008/09/30 11:24 p.m.10 views

Sql injection

SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the 1 id parameter in the "page" page and 2 txtSearch parameter in the "Search" page...

7.5CVSS9.1AI score0.01145EPSS
Exploits1References6
Rows per page
Query Builder