224 matches found
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter in /admin.php/vod/admin/topic/del for...
CVE-2022-1560
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal err...
CVE-2022-1560
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal err...
Survey Sparrow Enterprise Survey Software 跨站脚本漏洞
A cross-site scripting vulnerability exists in Survey Sparrow Enterprise Survey Software version 2022, which originates in the test parameter The vulnerability is caused by a lack of data validation filtering of user-supplied data and output. An attacker could use this vulnerability to execute...
TOTOLINK N600R 缓冲区错误漏洞
TOTOLINK N600R is a wireless router from Taiwan, China-based Gion Electronics TOTOLINK.A buffer overflow vulnerability exists in TOTOLINK N600R V4.3.0cu.7647B20210106, which stems from a lack of length validation of the File parameter in the FUN0041309c function. An attacker could exploit this...
WordPress plugin Videos sync PDF路径遍历漏洞
WordPress is a set of blogging platform developed using the PHP language. WordPress plugin Videos sync PDF version 1.7.4 and before there is a file inclusion vulnerability, the vulnerability stems from the plugin in the inclusion statement using the p parameter before failing to validate, an...
CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress White Label CMS Plugin versions prior to 2.2.9, which...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress Plugin Sendinblue prior to version 3.1.25, which...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL...
The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure
The plugin does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts PoC The following request allow an unauthenticated user to get the draft posts the nonce can be...
WordPress 路径遍历漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A path traversal vulnerability exists in the WordPress plugin that stems from The Images to WebP not validating or...
Sql injection
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
PT-2021-15923 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress plugin versions through 3.7.2 Description: The issue arises from the proid GET parameter not being properly sanitized, escaped, or validated before being inserted into a SQL statement. This leads to SQL injection. Recommendations: F...
CVE-2021-24346
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Xllentech English Islamic Calendar plugin prior to...
OS Command Injection
total.js is vulnerable to OS command injection. The type parameter is not properly sanitized and validated, and is used to build the command which is subsequently executed using childprocess.spawn...
NHIServiSignAdapter Buffer Error Vulnerability
Panorama NHIServiSignAdapter is a security control component for panoramic surveillance devices from China Panorama. A security vulnerability exists in NHIServiSignAdapter that stems from a summary generation function that does not validate the length of a parameter, which results in a stack...
CVE-2020-35737
In Correspondence Management System corms in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference...
CVE-2020-35737
CVE-2020-35737 affects Newgen eGov 12.0, specifically the Correspondence Management System (corms). The vulnerability is an Insecure Direct Object Reference caused by an unvalidated UserIndex parameter in the personal settings page, allowing an attacker to modify other users’ profile information....