
1599 matches found

CVE
added 2014/08/17 6:00 p.m. | 48 views

CVE-2014-3904

CVE-2014-3904 affects Shutter 0.1.4 (tenfourzero). The vulnerability is a SQL injection in lib/admin.php that enables remote attackers to execute arbitrary SQL commands via unspecified vectors. Impact is described as possible arbitrary SQL execution with administrative context, potentially affect...

CVSS 7.5 | AI score 8.6 | EPSS 0.01164
Exploits: 0 | References: 2 | Affected Software: 1
Japan Vulnerability Notes
added 2014/08/15 12:00 a.m. | 56 views

JVN#48039501: Shutter vulnerable to SQL injection

Shutter provided by tenfourzero is a web package allowing users to share their photos. lib/admin.php in Shutter contains a SQL injection vulnerability. Impact: If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Solution: Uninstall the Software...

CVSS 7.5 | AI score 7.4 | EPSS 0.01164
Exploits: 0
seebug.org
added 2014/08/11 12:00 a.m. | 16 views

Sphider-Search-Engine 1.3.6 /sphider/admin/admin.php SQL injection vulnerability

No description provided by source...

AI score 7.1
Exploits: 0
NVD
added 2014/08/07 11:13 a.m. | 20 views

CVE-2014-5193

Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082...

CVSS 4.3 | AI score 5.5 | EPSS 0.01832
Exploits: 1 | References: 3
CVE
added 2014/08/07 10:00 a.m. | 40 views

CVE-2014-5192

The vulnerability affects Sphider 1.3.6, specifically in admin/admin.php where the filter parameter is exploitable via SQL injection. The underlying issue enables remote attackers to execute arbitrary SQL commands, with the CVSSv2 base metrics indicating a HIGH impact (Confidentiality/P, Integrit...

CVSS 7.5 | AI score 8.7 | EPSS 0.01241
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2014/08/07 10:00 a.m. | 57 views

CVE-2014-5193

CVE-2014-5193 is an XSS vulnerability in Sphider 1.3.6 specifically in admin/admin.php where the category parameter can inject arbitrary web script or HTML. The note confirms the URL parameter vector is covered by CVE-2014-5082, indicating multiple input vectors in the same product family. The co...

CVSS 4.3 | AI score 7.6 | EPSS 0.01832
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2014/08/07 10:00 a.m. | 62 views

CVE-2014-5194

Summary (CVE-2014-5194): Sphider 1.3.6 contains a static code injection flaw in admin/admin.php. Remote authenticated users can exploit the _word_upper_bound parameter to inject arbitrary PHP code into settings/conf.php. This is evidenced by multiple connected sources (exploit-db, packetstorm) de...

CVSS 6.5 | AI score 7 | EPSS 0.04206
Exploits: 3 | References: 2 | Affected Software: 1
Prion
added 2014/08/06 7:55 p.m. | 17 views

SQL injection

SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php...

CVSS 6.5 | AI score 8.7 | EPSS 0.01594
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2014/08/06 7:00 p.m. | 22 views

CVE-2014-5184

SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php...

AI score 8 | EPSS 0.01585
Exploits: 1 | References: 1
NVD
added 2014/08/06 6:55 p.m. | 23 views

CVE-2014-5082

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) siteid or (2) url parameter...

CVSS 7.5 | AI score 8.3 | EPSS 0.021
Exploits: 6 | References: 2
Prion
added 2014/08/06 6:55 p.m. | 24 views

SQL injection

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) siteid or (2) url parameter...

CVSS 7.5 | AI score 8.8 | EPSS 0.021
Exploits: 6 | References: 2 | Affected Software: 1
CVE
added 2014/08/06 6:00 p.m. | 59 views

CVE-2014-5082

CVE-2014-5082 relates to multiple SQL injection vulnerabilities in admin/admin.php affecting Sphider 1.3.6 and earlier, including Sphider Pro/Plus. The flaw enables remote attackers to manipulate the underlying database by injecting via the parameters site_id or url, as documented in the CVE e...

CVSS 7.5 | AI score 10 | EPSS 0.021
Exploits: 6 | References: 2 | Affected Software: 1
WPVulnDB
added 2014/08/01 10:59 a.m. | 13 views

blogVault 1.05 - admin.php blogVault Key Setting CSRF

The Backup & Staging – BlogVault Backups WordPress plugin was affected by an admin.php blogVault Key Setting CSRF security vulnerability...

AI score 2.4
Exploits: 0 | Affected Software: 1
WPVulnDB
added 2014/08/01 10:59 a.m. | 27 views

Cart66 Lite - admin.php cart66-products Page Multiple Field Stored XSS

The cart66-lite WordPress plugin was affected by an admin.php cart66-products Page Multiple Field Stored XSS security vulnerability...

CVSS 4.3 | AI score 5.9 | EPSS 0.04084
Exploits: 6 | References: 2 | Affected Software: 1
WPVulnDB
added 2014/08/01 10:58 a.m. | 16 views

WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass

...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2014/08/01 12:00 a.m. | 8 views

WordPress BSK PDF Manager Plugin <= 1.3 - Cross Site Scripting

This plugin is prone to cross-site scripting via multiple parameters in wp-admin/admin.php. Solution: Upgrade the plugin...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2014/08/01 12:00 a.m. | 7 views

WordPress blogVault Plugin <= 1.05 - Cross Site Request Forgery

This plugin is prone to an admin.php blogVault key setting cross-site request forgery vulnerability. Solution: Update the plugin...

AI score 2.9
Exploits: 0 | Affected Software: 1
Patchstack
added 2014/08/01 12:00 a.m. | 9 views

WordPress Artiss Code Embed Plugin <= 2.0.1 - Cross Site Scripting

This plugin is prone to a cross-site scripting vulnerability in the suffix parameter of wp-admin/admin.php. Solution: Update the plugin...

AI score 1.9
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2014/07/14 2:55 p.m. | 23 views

SQL injection

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php...

CVSS 6.5 | AI score 8.8 | EPSS 0.03553
Exploits: 3 | References: 2 | Affected Software: 1
Cvelist
added 2014/07/14 2:00 p.m. | 44 views

CVE-2014-4944

Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php...

AI score 8.1 | EPSS 0.03553
Exploits: 3 | References: 2