33 matches found
Sql injection
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in reviewsearch.php...
Judging Management System security breach
Judging Management System is a review management system by Carlo Montero Personal Developer. A security vulnerability exists in Sourcecodester Judging Management System v1.0, which stems from a SQL injection vulnerability that allows remote attackers to execute arbitrary code and obtain sensitive...
VulnCheck KEV: CVE-2018-10737
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter...
CVE-2023-2761
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...
PT-2023-21247 · WordPress · User Activity Log
Name of the Vulnerable Software and Affected Versions: User Activity Log WordPress plugin versions prior to 1.6.3 Description: The issue arises from the improper sanitization and escaping of the txtsearch parameter in SQL statements on certain admin pages, leading to a SQL injection that can be...
WordPress Plugin User Activity Log SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
Sql injection
A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file reviewsearch.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to...
Online Flight Booking Management System SQL注入漏洞
Online Flight Booking Management System is an online booking management system from the individual developer Carlo Montero. SourceCodester Online Flight Booking Management System suffers from a SQL injection vulnerability that originates in the unknown section of the reviewsearch.php file of its...
User Activity Log < 1.4.7 - Reflected Cross-Site Scripting
The plugin does not escape the txtsearch parameter before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=useractionlog=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2FXSS%2F%29%2F%2F...
Sql injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter...
NagiosQL txtSearch Parameter Cross-Site Scripting (CVE-2013-6039)
A cross site scripting vulnerability has been reported in NagiosQL. The vulnerability is due to lack of input validation on the txtSearch parameter passed to the hostdependencies.php resource. A remote attacker could exploit this vulnerability by enticing a user to follow a crafted link or view a...
PT-2013-5935 · Nagios · Nagiosql
Name of the Vulnerable Software and Affected Versions: NagiosQL version 3.2 SP2 Description: The issue is related to multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to various pages,...
Sql injection
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the 1 id parameter in the "page" page and 2 txtSearch parameter in the "Search" page...