Lucene search
K

1339 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:8 p.m.22 views

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

10CVSS7.8AI score0.01537EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 a.m.6 views

CVE-2018-20837

include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS...

4.8CVSS7AI score0.00748EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:53 a.m.5 views

CVE-2015-9423

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...

5.4CVSS6AI score0.01044EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:52 a.m.8 views

CVE-2015-9332

The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI...

6.5CVSS7AI score0.0061EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:50 a.m.5 views

CVE-2015-9421

The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omscpopup id parameter...

6.5CVSS6.1AI score0.00867EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:50 a.m.5 views

CVE-2015-9438

The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...

5.4CVSS6AI score0.01044EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/11 5:6 a.m.22 views

CVE-2025-4463

A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=savepackage. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit h...

9.8CVSS7.7AI score0.00751EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/09 8:0 p.m.6 views

CVE-2025-4488 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepackage. The manipulation of the argument ID leads to sql injection. The attack can be launched...

7.5CVSS7.5AI score0.00438EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/09 8:0 p.m.25 views

CVE-2025-4488 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepackage. The manipulation of the argument ID leads to sql injection. The attack can be launched...

7.5CVSS0.00438EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/09 8:0 p.m.22 views

CVE-2025-4487 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit...

7.5CVSS0.00438EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/09 7:31 p.m.37 views

CVE-2025-4486 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=deleteplan. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has bee...

7.5CVSS0.00438EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/05/09 7:0 p.m.10 views

CVE-2025-4485 itsourcecode Gym Management System ajax.php sql injection

A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=deletetrainer. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit ha...

7.5CVSS7.5AI score0.00444EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/09 7:0 p.m.17 views

CVE-2025-4485 itsourcecode Gym Management System ajax.php sql injection

A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=deletetrainer. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit ha...

7.5CVSS0.00444EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/09 7:0 p.m.18 views

CVE-2025-4484 itsourcecode Gym Management System ajax.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=deleteuser. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.5CVSS0.00438EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/09 6:0 a.m.22 views

CVE-2025-4466 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=savepayment. The manipulation of the argument registrationid leads to sql injection. It is possible to initiate the attack remotely. T...

7.5CVSS0.00751EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/05/09 6:0 a.m.10 views

CVE-2025-4466 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=savepayment. The manipulation of the argument registrationid leads to sql injection. It is possible to initiate the attack remotely. T...

7.5CVSS7.5AI score0.00751EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/05/09 5:31 a.m.9 views

CVE-2025-4465 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveschedule. The manipulation of the argument memberid leads to sql injection. The attack may be launched remotely. Th...

7.5CVSS7.3AI score0.00751EPSS
Exploits1References5
CVE
CVE
added 2025/05/09 5:31 a.m.54 views

CVE-2025-4465

CVE-2025-4465 affects itsourcecode Gym Management System 1.0. The vulnerability is a SQL injection in the endpoint at /ajax.php?action=save_schedule, triggered by manipulating the member_id parameter. Several connected sources confirm remote exploitation is possible and that the exploit has been ...

9.8CVSS7.5AI score0.00751EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/09 5:31 a.m.7 views

CVE-2025-4464 itsourcecode Gym Management System ajax.php sql injection

A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument plan leads to sql injection. The attack can be launched remotely...

7.5CVSS7.4AI score0.00751EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/09 5:0 a.m.18 views

CVE-2025-4463 itsourcecode Gym Management System ajax.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=savepackage. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit h...

7.5CVSS0.00751EPSS
Exploits1References5
Rows per page
Query Builder