Lucene search
K

168 matches found

Vulnrichment
Vulnrichment
added 2025/09/09 12:32 a.m.5 views

CVE-2025-10115 SiempreCMS user_search_ajax.php sql injection

A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file usersearchajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

7.5CVSS6.9AI score0.00302EPSS
Exploits0References4
CVE
CVE
added 2025/09/09 12:32 a.m.22 views

CVE-2025-10115

CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...

7.5CVSS7.3AI score0.00302EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.7 views

SiempreCMS SQL注入漏洞

SiempreCMS is a content management system of SiempreCMS open source. SiempreCMS 1.3.6 and earlier versions have a SQL injection vulnerability that stems from incorrect manipulation of the parameter name/userName in the file usersearchajax.php resulting in SQL injection...

7.5CVSS7.8AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2025/07/29 8:15 p.m.8 views

CVE-2024-43018

Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters maxlevel and minregister. These parameters are used in wsusergerList function from file include\wsfunctions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in...

6.4CVSS0.00277EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.10 views

PT-2025-31256 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo versions 13.8.0 and below Description: Piwigo versions 13.8.0 and below are vulnerable to SQL Injection in the parameters max level and min register. These parameters are used in the ws user gerList function from the file includews...

6.4CVSS7.5AI score0.00277EPSS
Exploits3References10
Vulnrichment
Vulnrichment
added 2025/07/29 12:0 a.m.3 views

CVE-2024-43018

Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters maxlevel and minregister. These parameters are used in wsusergerList function from file include\wsfunctions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in...

7.6AI score0.00277EPSS
Exploits3References3
OSV
OSV
added 2025/07/29 12:0 a.m.9 views

CVE-2024-43018

Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters maxlevel and minregister. These parameters are used in wsusergerList function from file include\wsfunctions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in...

6.4CVSS7.3AI score0.00277EPSS
Exploits3References5
OSV
OSV
added 2025/07/14 7:24 p.m.3 views

GHSA-Q28V-664F-Q6WJ Indico vulnerability allows attackers to bulk dump user details

Impact An endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such as name, affiliation and email in bulk. !TIP If your instance allows everyone to create a user account, and you wish to truly restrict access to these user...

5.3CVSS6AI score0.00565EPSS
Exploits2References9
RedhatCVE
RedhatCVE
added 2025/05/23 9:52 a.m.9 views

CVE-2024-7606

The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.10 views

CVE-2023-6155

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses...

5.3CVSS6.9AI score0.00565EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 a.m.8 views

CVE-2019-4091

"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. "...

5.4CVSS6.4AI score0.00521EPSS
Exploits0References1
OSV
OSV
added 2025/05/05 4:16 a.m.10 views

CVE-2025-4262

A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely...

9.8CVSS5.8AI score0.00428EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.5 views

PHPGurukul Online DJ Booking Management System 注入漏洞

PHPGurukul Online DJ Booking Management System is an online DJ booking management system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Online DJ Booking Management System, which stems from improper handling of the searchdata parameter in the file...

9.8CVSS7.8AI score0.00428EPSS
Exploits1References6
OSV
OSV
added 2025/04/02 10:15 a.m.4 views

CVE-2024-12410

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

4.9CVSS5.8AI score0.00424EPSS
Exploits0References2
Veracode
Veracode
added 2025/04/02 7:9 a.m.4 views

Authentication Bypass

Mattermost is vulnerable to Authentication Bypass. The vulnerability is due to a flaw that allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

6.5CVSS5.1AI score0.00291EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.5 views

PT-2025-14469 · WordPress · Front End Users

Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.32 Description: The issue allows for SQL Injection via the UserSearchField parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...

4.9CVSS9.9AI score0.00424EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/03/29 3:2 a.m.5 views

SUSE CVE-2025-30179

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

6.5CVSS6.9AI score0.00291EPSS
Exploits0References3
Snyk
Snyk
added 2025/03/21 9:30 a.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search, channel search, and team search failing to enforce multifactor authentication. Remediation Upgrade...

6.5CVSS7AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/21 9:30 a.m.5 views

Missing Authentication for Critical Function

Overview github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to search APIs including user search,...

6.5CVSS6.9AI score0.00291EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/01 12:8 a.m.6 views

WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function vulnerability

Missing Authorization to Unauthenticated User Email Retrieval via ayssccpreportsusersearch Function vulnerability discovered by Krzysztof Zając in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.4.7...

5.3CVSS7AI score0.00369EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder