4 matches found
CVE-2022-1566
The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...
PT-2022-13965 · WordPress · Quotes Llama Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Quotes llama WordPress plugin versions prior to 1.0.0 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed. This can be achieved by exploiting the...
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection. The sanitizeShellString function does not sanitize quotation marks, which could be leveraged by an attacker to execute arbitrary commands. PoC const si ...
Failure to sanitize quotes which can lead to sql injection
Overview All versions of squel are vulnerable to sql injection. The squel package does not properly escape user provided input when provided using the setFields method. This could lead to sql injection if the query was then executed. Proof of concept demonstrating the injection of a single quote...