Lucene search
K

13 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 2:0 p.m.7 views

CVE-2026-43937 YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...

8.8CVSS6.1AI score0.00488EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.10 views

CVE-2024-8155

A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseControllertree of the file /api/system/dept/tree?sort=parentId%2Casc=sort%2Casc. The manipulation of the argument sort leads ...

5.8CVSS7.3AI score0.00439EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.9 views

CVE-2021-44219

Gin-Vue-Admin before 2.4.6 mishandles a SQL database...

9.8CVSS7.5AI score0.01262EPSS
Exploits0
Patchstack
Patchstack
added 2025/03/25 7:4 a.m.5 views

WordPress WP-Recall plugin < 16.26.12 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by y4ng0615 in WordPress Plugin WP-Recall versions 16.26.12...

4.7CVSS8.1AI score0.003EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/02/17 10:28 a.m.3 views

WordPress Track Logins plugin <= 1.0 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by Francisco Alisson in WordPress Plugin Track Logins versions = 1.0...

4.7CVSS8.1AI score0.00332EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/17 12:0 a.m.4 views

WordPress plugin Track Logins 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.7CVSS9.2AI score0.00332EPSS
Exploits1References2
OSV
OSV
added 2024/10/13 8:15 p.m.4 views

CVE-2024-9918

A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...

7.2CVSS5.7AI score0.00557EPSS
Exploits1References4
wpexploit
wpexploit
added 2024/05/23 12:0 a.m.162 views

Search & Replace < 3.2.2 - Admin+ SQL injection

Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network. 1. Go to the Tools parameter 2. Select Search & Replace 3. Click "Do Search & Replace" 4. Change the parameters...

7.5AI score0.00444EPSS
Exploits2References1
NVD
NVD
added 2022/04/22 8:15 p.m.16 views

CVE-2022-27342

Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult...

9.8CVSS0.01079EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.7 views

CVE-2022-0254

The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection...

9.8CVSS7.9AI score0.01997EPSS
Exploits2References4
OSV
OSV
added 2022/02/28 9:15 a.m.3 views

CVE-2021-24864

The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the postid parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue...

8.8CVSS7.4AI score0.01202EPSS
Exploits1References2
CNVD
CNVD
added 2020/01/07 12:0 a.m.7 views

Gila CMS SQL Injection Vulnerability

Gila CMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in /admin/sql?query= in Gila CMS version 1.11.8. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...

7.2CVSS8.3AI score0.26546EPSS
Exploits9References1
OSV
OSV
added 2020/01/06 7:15 p.m.3 views

CVE-2020-5515

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection...

7.2CVSS5.8AI score0.26546EPSS
Exploits9References3
Rows per page
Query Builder