51 matches found
VulnCheck KEV: CVE-2021-4458
The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2021-4458
The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2023-1016
The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the...
CVE-2010-4660
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes...
emlog security vulnerability
emlog is an open-source CMS site-building system based on PHP and MySQL. A security vulnerability exists in emlog versions 2.5.7 and 2.5.8. The vulnerability stems from searchcontroller.php not using addslashes after urldecode, which may lead to SQL injection...
GTranslate < 2.8.65 - Reflected Cross-Site Scripting (XSS)
In the Pro and Enterprise versions of GTranslate alert123;...
ImpressCMS: SQL injection when configuring a database
Summary: I found a SQL Injection in the form of a system install Database configuration Steps To Reproduce: - Run command: git clone https://github.com/ImpressCMS/impresscms.git - Stop at a menu item: Database configuration - In the Database name field, insert the following exploit: sql...
Sql injection
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes...
Mastery OA /general/ems/manage/search_excel.php file SQL injection vulnerabilities
Wide-byte injection arises at the point where PHP, in its request to MySQL, sets character_set_client to a given encoding: if a GET parameter contains "%df%27", addslashes adds a '\' and the variable becomes "%df%5c%27", and MySQL, processing it with the gbk characte...
Theory: PHP common vulnerabilities, part three: injection vulnerabilities - vulnerability warning - the black bar safety net
Injection is, roughly, when user-controllable variables are carried into a database operation and change the original intent of the SQL. For example, in user-registration logic that checks whether the user name exists, the user name the user submitted is taken to the database t...
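Mallbuilder lostpass.php file userid parameter SQL injection vulnerability
0x01 Vulnerability overview Vendor: Shanghai Yuanfeng Information Technology Co., Ltd. (上海远丰信息科技有限公司) Official site: shop-builder.cn Submitted: 2014-06-03 Disclosed: 2014-09-01 Vulnerability type: SQL injection Google keyword: powered by mallbuilder 0x02 Vulnerability details First, look at the global file function magic if!getmagicquotesgpc&&isset$POST foreach$POST as $key=$v if!isarray$v $POST$key=addslashes$v; else foreach$v as $skey=$sv if!isarray$...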
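PHPWEB search/index.php SQL injection vulnerability
0x01 Framework introduction The PHPWEB intelligent website management system is website management software with visual management and modular website features. Visual drag-and-drop layout with the mouse, free insertion, dragging and stacking of plugins, and WYSIWYG editing make building a site as easy and fun as stacking building blocks; plugins, borders and menus can be combined flexibly and placed anywhere, removing the constraints of a page frame; flexible administrator and member permission settings and strong site interaction features make a DIY site no less capable than a professionally developed one; the site functions are modular, with more than ten common website modules and a growing set of professional function modules to choose from, and modules can be installed and uninstalled as needed, so it can be used both for simple company showcase sites and for developing various professional sites. Official site: www.phpweb.net/ Dork:...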
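CmsEasy 5.6 /celive/live/header.php SQL injection vulnerability
The full details of the vulnerability are explained in the Secbook (书安) magazine. Link: https://www.secbook.net In the parseObjXml function, $rootTag is the first tag of the XML passed in; here it is checked to see whether it is xjxobj or xjxquery. When $rootTag is xjxquery, the content of the passed-in parameter is processed with parsestr: parsestr$sQuery, $aArray; then, when getmagicquotesgpc == 1 == on, the passed-in parameter values are unescaped: $newArray$sKey = stripslashes$sValue; and execution enters the postdata function. function...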
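74CMS: one logic flaw leads to two second-order injections
Brief description: One logic flaw in 74CMS leads to two second-order injections. Details: 1. First, as before, register an enterprise user; during registration, capture the request with burp and modify the username field in it: username=1′,1,1001,1,user,1,1,1,1,1,1,1 — a 2. 74cms does not normally allow registering a user name that contains special characters, but this method bypasses the filter; let's take a look at the database. 3. Next, let's see where a second database operation is performed on this user. After looking for a long time, I saw that logging is provided for many operations. The writememberslog function: function...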
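ThinkSAAS 2.2: GET-based CSRF to Getshell
Brief description: I had meant to submit the back-end Getshell together with the XSS vulnerability... and then I forgot. Later, though, I found that this bug is a GET-based CSRF, convenient to use and suitable for everyone; in a community CMS you could say its power is unlimited. Details: /app/system/action/plugin.php line 83: case "delete": $apps = $GET'apps'; $pname = $GET'pname'; delDir'plugins/'.$apps.'/'.$pname; qiMsg'删除成功!'; break; After the values from GET are obtained, they are concatenated into a path and passed to the delDir function. The delDir function: / Delete the folder and all fi...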
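qibocms: SQL injection in multiple systems from the same cause
Brief description: qibocms has many systems. I looked at the bug posted yesterday, then today downloaded several other qibo systems and found that some of them have this bug. Given that when qibocms patched in the past it always patched a few systems and missed several others, I am writing out every system that has this bug, one by one. Details: Look at the global file they share: $POST=AddS$POST; $GET=AddS$GET; $COOKIE=AddS$COOKIE; function AddS$array foreach$array as $key=$value if!isarray$value $value=strreplace"&x","& x",$value;...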
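phpdisk: a code design flaw leads to an SQL injection
Brief description: Collecting wb. Details: The vulnerability exists in the PHPDisk F-Core series; the tested version is PHPDisk F-Core v1.1 20140703. The SQL injection is triggered when publishing a resource, and the posttag parameter is the injection point. Here is the code: /modules/post.inc.php, around line 124 $db-queryunbuffered"insert into $tpfposts set ".$db-sqlarray$ins.""; $pid = $db-insertid; maketags$tags,$tagarr,$pid; // injection point $db-queryunbuffered"update...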
PHP 4/5 addslashes() NULL Byte Bypass
No description provided by source. source: http://www.securityfocus.com/bid/11981/info PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issues result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal...
Eskolar CMS 0.9.0.0 - Remote Blind SQL Injection Exploit
No description provided by source. ================================================================================================== !/usr/bin/perl use IO::Socket; ==================================================================================================...
Havij <= 1.10 - Persistent XSS
No description provided by source. Exploit Title: Havij Persistent XSS =v1.10 Date: 15/6/2010 Author: hexon Version: 1.10 and below Tested on: Windows XP Service Pack 2 Professional, Windows 7 Code : htttp://site.com/file.php?param=XSS Code Havij Persistent XSS =v1.10 By : Hkhexon [email protected]...