845 matches found
CVE-2023-51050
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php...
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...
SQL injection
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php...
SQL injection
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php...
CVE-2023-51051
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...
CVE-2023-51052
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php...
WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
Description: The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. Log in as a subscriber, and paste any of the following fetch calls in your...
CVE-2023-51050
Summary: CVE-2023-51050 affects S-CMS v5.0, with a SQL injection via the A_productauth parameter in /admin/ajax.php. The Red Hat, NVD, CVE listings, and PT Security entries corroborate the issue and its association with S-CMS 5.0. The PT-2023-31751 advisory notes there is no available fix/version...
CVE-2023-51052
CVE-2023-51052 affects S-CMS v5.0, with a SQL injection vulnerability in the A_formauth parameter of /admin/ajax.php. Root cause: unsafely handling user input in A_formauth allows constructing malicious SQL. Impact per CVSS 3.1: Confidentiality/Integrity/Availability: High; Base score 9.8 (CRITIC...
Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload
Description: The plugin does not validate files to be uploaded, and has no authorisation or CSRF checks in the AJAX action handling such uploads. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP, to the server. Setup: As admin: - Go to the...
Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection
Description: The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. Run the below command in the developer console of the web browser while being on the blog...
Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply
Description: The plugin does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. Log in as a subscriber and run the following code in the browser, setting the replyid to any post ID. fetch"/wp-admin/admin-ajax.php", "headers":...
Exploit for Open Redirect in King-Theme Kingcomposer
CVE-2022-0165 - Page Builder KingComposer WordPress Plugin - I...
WordPress Page Builder KingComposer 2.9.6 Open Redirection
Title: WordPress Page Builder KingComposer 2.9.6 Open Redirect Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation
The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged-in administrator into submitting a crafted request. POST...
Icegram Engage < 3.1.12 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. Make a logged-in admin open a page with the code below...
Remote code execution
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php...
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. Make a logged-in admin open a page containing the HTML code below...