CampCodes Online Recruitment Management System 注入漏洞

CampCodes Online Recruitment Management System is a recruitment management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Online Recruitment Management System version 1.0, which stems from improper handling of parameter IDs in the file /admin/ajax.php, which cou...

CVE-2023-51052

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aformauth parameter at /admin/ajax.php...

CVE-2022-46955

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savequeue...

CVE-2015-9446

The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via datagalleryID to wp-admin/admin-ajax.php...

CVE-2018-5656

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php...

CVE-2024-29810

The thumburl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumburl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

Waiting: One-click Countdowns <= 0.6.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the pbcdownmetaid parameter before using it in a SQL statement via the pbcsavedowns AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber Run the below command in the developer console of the web browser...

PT-2023-16932 · Unknown · Sourcecodester Online Pizza Ordering System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Pizza Ordering System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /admin/ajax.php. The manipulation of the username argument leads to SQL injection...

CVE-2018-15818

An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...

tsv-lindewitt.de XSS vulnerability

Open Bug Bounty ID: OBB-637592 Description| Value ---|--- Affected Website:| tsv-lindewitt.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Other Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

WordPress weblizar-pinterest-feeds plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. weblizar-pinterest-feeds plugin is used in one of the plugin for displaying Pinterest data. A cross-site request...

diariojudio.com XSS vulnerability

Vulnerable URL: http://diariojudio.com/wp-admin/admin-ajax.php?tdthemename=Newspaper=8.1 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 289299 VIP website status:| No Coordinated Disclosure Timeline: Description...

Floating Social Bar 1.1.5 XSS

Everyone can access saveorder. File: floating-social-bar\class-floating-social-bar.php addaction 'wpajaxfsbsaveorder', array $this, 'saveorder' ; addaction 'wpajaxnoprivfsbsaveorder', array $this, 'saveorder' ; $REQUEST'items' is not escaped. File: floating-social-bar\class-floating-social-bar.ph...