135 matches found
PT-2023-18340 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos update steps ajax handler, badgeos update award steps ajax handler, badgeos...
CVE-2021-4404
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...
Cross site request forgery (csrf)
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...
WordPress Plugin Easy Google Maps 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-20210 · Sourcecodester · Sourcecodester Multi Language Hotel Management
Name of the Vulnerable Software and Affected Versions: SourceCodester Multi Language Hotel Management Software version 1.0 Description: A problematic issue has been found in the software, affecting the file ajax.php of the component POST Parameter Handler. The manipulation of the complaint type...
PT-2022-7110 · Sangoma · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX cdr versions 14.0 through 14.0.5.20 Description: The issue is related to the ajaxHandler function in the ucp/Cdr.class.php file of the FreePBX web interface, which fails to protect against SQL query structure attacks. This can allow a...
CVE-2019-15766
The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...
Remote code execution
The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...
CVE-2019-15766
The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...
CVE-2019-15766
CVE-2019-15766 affects the KSLABS KSWEB Android app (v3.93). An authenticated attacker can trigger remote code execution by sending a POST to the AJAX handler with configFile (arbitrary file path) and config_text (content to write), potentially writing and executing a PHP file in the device’s pub...
CVE-2017-16870
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraftajaxhandler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary...
Drupal up to 7.38 Ajax Handler a Tag cross site scripting
No description provided by source...
Updated drupal packages fix security vulnerabilities
Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files CVE-2015-6658. SQL injection vulnerability in the SQL comment filtering system in the Database API i...
Drupal Ajax Handler and Ctools Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Ajax handler is one of the modules used to handle Ajax requests.Ctools Chaos tool suite is one of the API modules used to improve the development experience. A cross-site scripting...
Cross site scripting
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...