1593 matches found
CVE-2014-10017
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the uscesitemedit page to wp-admin/admin.php...
Kajona 'admin.php' Cross-Site Scripting Vulnerability
Kajona is an open source content management framework based on PHP and MySQL, developed by the Kajona team. A cross-site scripting vulnerability exists in Kajona 'admin.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...
CVE-2014-9437
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via...
SQL injection
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via...
WordPress Shareaholic Plugin <= 7.6.0 - XSS
This vulnerability is in admin.php. It allows authenticated users to inject arbitrary web script or HTML via the "locationid" parameter that is in a shareaholicaddlocation action to wp-admin/admin-ajax.php. Solution: Update the plugin...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the polyid parameter in an (1) editpoly, (2) editpolyline, or (3) editmarker action in the wp-google-maps-menu page to...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...
CVE-2014-7181
Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...
CVE-2014-8294
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphpcookie cookie to admin.php or the (2) Username or (3) Password...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...
SQL injection
SQL injection vulnerability in the editgallery function in admin/galleryfunc.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php...
HDW Player 2.4.2 - wp-admin/admin.php videos Page id Parameter SQL Injection
The HDW Player Plugin Video Player & Video Gallery WordPress plugin was affected by a wp-admin/admin.php videos Page id Parameter SQL Injection security vulnerability...
SQL injection
SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-3904
CVE-2014-3904 affects Shutter 0.1.4 (tenfourzero). The vulnerability is a SQL injection in lib/admin.php that enables remote attackers to execute arbitrary SQL commands via unspecified vectors. Impact is described as possible arbitrary SQL execution with administrative context, potentially affect...
JVN#48039501: Shutter vulnerable to SQL injection
Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Impact: If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution: Uninstall the software...
Sphider-Search-Engine 1.3.6 /sphider/admin/admin.php SQL injection vulnerability
No description provided by source...
CVE-2014-5193
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082...
CVE-2014-5193
CVE-2014-5193 is an XSS vulnerability in Sphider 1.3.6 specifically in admin/admin.php where the category parameter can inject arbitrary web script or HTML. The note confirms the URL parameter vector is covered by CVE-2014-5082, indicating multiple input vectors in the same product family. The co...
CVE-2014-5192
The vulnerability affects Sphider 1.3.6, specifically in admin/admin.php where the filter parameter is exploitable via SQL injection. The underlying issue enables remote attackers to execute arbitrary SQL commands, with the CVSSv2 base metrics indicating a HIGH impact (Confidentiality/P, Integrit...