1339 matches found
CVE-2021-45255
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...
CVE-2018-20837
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS...
CVE-2015-9423
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...
CVE-2015-9332
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI...
CVE-2015-9421
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omscpopup id parameter...
CVE-2015-9438
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
CVE-2025-4463
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=savepackage. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2025-4488 itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepackage. The manipulation of the argument ID leads to sql injection. The attack can be launched...
CVE-2025-4488 itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepackage. The manipulation of the argument ID leads to sql injection. The attack can be launched...
CVE-2025-4487 itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2025-4486 itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=deleteplan. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has bee...
CVE-2025-4485 itsourcecode Gym Management System ajax.php sql injection
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=deletetrainer. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit ha...
CVE-2025-4485 itsourcecode Gym Management System ajax.php sql injection
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=deletetrainer. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit ha...
CVE-2025-4484 itsourcecode Gym Management System ajax.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=deleteuser. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4466 itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=savepayment. The manipulation of the argument registrationid leads to sql injection. It is possible to initiate the attack remotely. T...
CVE-2025-4466 itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=savepayment. The manipulation of the argument registrationid leads to sql injection. It is possible to initiate the attack remotely. T...
CVE-2025-4465 itsourcecode Gym Management System ajax.php sql injection
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveschedule. The manipulation of the argument memberid leads to sql injection. The attack may be launched remotely. Th...
CVE-2025-4465
CVE-2025-4465 affects itsourcecode Gym Management System 1.0. The vulnerability is a SQL injection in the endpoint at /ajax.php?action=save_schedule, triggered by manipulating the member_id parameter. Several connected sources confirm remote exploitation is possible and that the exploit has been ...
CVE-2025-4464 itsourcecode Gym Management System ajax.php sql injection
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument plan leads to sql injection. The attack can be launched remotely...
CVE-2025-4463 itsourcecode Gym Management System ajax.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=savepackage. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit h...