6 matches found
EUVD-2022-5155
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2022-0169
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...
PT-2024-30599 · WordPress · Block Bad Bots/Stop Bad Bots Crawlers/Spiders/Anti Spam Protection
Name of the Vulnerable Software and Affected Versions: The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress versions up to, and including, 10.24 Description: The issue is related to unauthorized access of data due to a missing capability check on...
bumsys SQL注入漏洞
bumsys is an open source project called Business Management System by unilogies individual developers. unilogies bumsys version before v2.0.2 has a SQL injection vulnerability , the vulnerability stems from core/ajax/ajaxdata.php in the SQL injection...
SQL Injection in 'core/ajax/ajax_data.php'
Description There exists an SQL injection affecting the customerid parameter located in the file core/ajax/ajaxdata.php Let's take a look at the following code: https://github.com/unilogies/bumsys/blob/9dc2de204116297a7e528c38bc3b1e89bf40f907/core/ajax/ajaxdata.phpL537 sql where stockproductid =...
Ajax Data Uploader Shell Upload
0101010101----010101010101010 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101 0101 01 01------0101010101 01 01------0101 010 01 01------0101 010 01 01------0101 010 01 01------0101 010 01 01------0101 010 0101010101----0101...