168 matches found
CVE-2025-10115 SiempreCMS user_search_ajax.php sql injection
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file usersearchajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-10115
CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...
SiempreCMS SQL注入漏洞
SiempreCMS is a content management system of SiempreCMS open source. SiempreCMS 1.3.6 and earlier versions have a SQL injection vulnerability that stems from incorrect manipulation of the parameter name/userName in the file usersearchajax.php resulting in SQL injection...
CVE-2024-43018
Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters maxlevel and minregister. These parameters are used in wsusergerList function from file include\wsfunctions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in...
PT-2025-31256 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo versions 13.8.0 and below Description: Piwigo versions 13.8.0 and below are vulnerable to SQL Injection in the parameters max level and min register. These parameters are used in the ws user gerList function from the file includews...
CVE-2024-43018
Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters maxlevel and minregister. These parameters are used in wsusergerList function from file include\wsfunctions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in...
CVE-2024-43018
Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters maxlevel and minregister. These parameters are used in wsusergerList function from file include\wsfunctions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in...
GHSA-Q28V-664F-Q6WJ Indico vulnerability allows attackers to bulk dump user details
Impact An endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such as name, affiliation and email in bulk. !TIP If your instance allows everyone to create a user account, and you wish to truly restrict access to these user...
CVE-2024-7606
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6155
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses...
CVE-2019-4091
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. "...
CVE-2025-4262
A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely...
PHPGurukul Online DJ Booking Management System 注入漏洞
PHPGurukul Online DJ Booking Management System is an online DJ booking management system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Online DJ Booking Management System, which stems from improper handling of the searchdata parameter in the file...
CVE-2024-12410
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Authentication Bypass
Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to a flaw that allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...
PT-2025-14469 · WordPress · Front End Users
Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.32 Description: The issue allows for SQL Injection via the UserSearchField parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...
SUSE CVE-2025-30179
Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search, channel search, and team search failing to enforce multifactor authentication. Remediation Upgrade...
Missing Authentication for Critical Function
Overview github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search,...
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function vulnerability
Missing Authorization to Unauthenticated User Email Retrieval via ayssccpreportsusersearch Function vulnerability discovered by Krzysztof Zając in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.4.7...