13 matches found
CVE-2026-43937 YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...
CVE-2024-8155
A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseControllertree of the file /api/system/dept/tree?sort=parentId%2Casc=sort%2Casc. The manipulation of the argument sort leads ...
CVE-2021-44219
Gin-Vue-Admin before 2.4.6 mishandles a SQL database...
WordPress WP-Recall plugin < 16.26.12 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by y4ng0615 in WordPress Plugin WP-Recall versions 16.26.12...
WordPress Track Logins plugin <= 1.0 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Francisco Alisson in WordPress Plugin Track Logins versions = 1.0...
WordPress plugin Track Logins 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-9918
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...
Search & Replace < 3.2.2 - Admin+ SQL injection
Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network. 1. Go to the Tools parameter 2. Select Search & Replace 3. Click "Do Search & Replace" 4. Change the parameters...
CVE-2022-27342
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult...
CVE-2022-0254
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection...
CVE-2021-24864
The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the postid parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue...
Gila CMS SQL Injection Vulnerability
Gila CMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in /admin/sql?query= in Gila CMS version 1.11.8. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...
CVE-2020-5515
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection...