1339 matches found

NVD
added 2024/06/19 9:15 p.m. · 13 views

CVE-2024-36678

In the module "Theme settings" pk_themesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

CVSS 9.8 · EPSS 0.00564
Exploits 1 · References 1

Positive Technologies
added 2024/06/19 12:00 a.m. · 3 views

PT-2024-27121 · Unknown +1 · Prestashop +1

Name of the Vulnerable Software and Affected Versions: PrestaShop module "Theme settings" pk_themesettings versions = 1.8.8 Description: The issue allows a guest to perform SQL injection in the "Theme settings" module. Specifically, the script ajax.php contains a sensitive SQL call that can be...

CVSS 9.8 · AI score 8 · EPSS 0.00564
Exploits 1 · References 2

Cvelist
added 2024/06/19 12:00 a.m. · 18 views

CVE-2024-36678

In the module "Theme settings" pk_themesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

EPSS 0.00564
Exploits 1 · References 1

CVE
added 2024/06/19 12:00 a.m. · 45 views

CVE-2024-36678

CVE-2024-36678 affects PrestaShop’s Promokit.eu module Theme settings (pk_themesettings) version

CVSS 9.8 · AI score 7.9 · EPSS 0.00564
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2024/06/19 12:00 a.m. · 6 views

PT-2024-27128 · Prestashop · Custom Links

Name of the Vulnerable Software and Affected Versions: PrestaShop module "Custom links" pk customlinks versions prior to 2.3 Description: The issue allows a guest to perform SQL injection in the "Custom links" module. Specifically, the script ajax.php contains a sensitive SQL call that can be...

CVSS 9.8 · AI score 8.4 · EPSS 0.00408
Exploits 0 · References 2

Positive Technologies
added 2024/06/05 12:00 a.m. · 9 views

PT-2024-15148 · WordPress · The Moneytizer

Name of the Vulnerable Software and Affected Versions: The Moneytizer plugin for WordPress versions up to, and including, 9.5.20 Description: The issue is caused by a missing capability check on multiple AJAX functions in the /core/core ajax.php file. This allows authenticated attackers, with...

CVSS 8.1 · AI score 6.7 · EPSS 0.00394
Exploits 0 · References 9

Vulnrichment
added 2024/05/12 7:31 a.m. · 12 views

CVE-2024-4797 Campcodes Online Laundry Management System ajax.php cross site scripting

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customername/username leads to cross site scripting. The attack can be initiated...

CVSS 5.3 · AI score 6.3 · EPSS 0.00632
Exploits 1 · References 4

Cvelist
added 2024/05/12 7:31 a.m. · 25 views

CVE-2024-4797 Campcodes Online Laundry Management System ajax.php cross site scripting

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customername/username leads to cross site scripting. The attack can be initiated...

CVSS 5.3 · AI score 4.2 · EPSS 0.00632
Exploits 1 · References 4

Positive Technologies
added 2024/05/12 12:00 a.m. · 6 views

PT-2024-32920 · Campcodes · Campcodes Online Laundry Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Laundry Management System version 1.0 Description: A problem was found in the system, affecting the /ajax.php file. The issue is related to the manipulation of the customer name/username argument, leading to cross-site...

CVSS 6.1 · AI score 4.1 · EPSS 0.00632
Exploits 1 · References 6

CVE
added 2024/04/30 12:00 a.m. · 47 views

CVE-2024-33274

CVE-2024-33274 describes a Directory Traversal in PrestaShop’s FME Modules customfields (v2.2.7 and earlier). The vulnerability is triggered via the ajax.php endpoint’s parameter referenced as "Custom Checkout Fields, Add Custom Fields to Checkout", allowing a remote attacker to obtain sensitive ...

CVSS 7.5 · AI score 6.3 · EPSS 0.00986
Exploits 0 · References 2

Vulnrichment
added 2024/04/30 12:00 a.m. · 15 views

CVE-2024-33274

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...

AI score 6.7 · EPSS 0.00986
Exploits 0 · References 2

Cvelist
added 2024/04/30 12:00 a.m. · 17 views

CVE-2024-33274

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...

AI score 6.3 · EPSS 0.00986
Exploits 0 · References 2

Vulnrichment
added 2024/04/13 11:00 a.m. · 12 views

CVE-2024-3719 Campcodes House Rental Management System ajax.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

CVSS 6.5 · AI score 7.4 · EPSS 0.00641
Exploits 1 · References 4

CVE
added 2024/04/13 11:00 a.m. · 59 views

CVE-2024-3719

The CVE-2024-3719 entry pertains to Campcodes House Rental Management System 1.0, with a vulnerability in the ajax.php file where modifying the id parameter enables SQL injection. The affected component is the id parameter in ajax.php; root cause is improper handling of input leading to SQL injec...

CVSS 8.8 · AI score 7.3 · EPSS 0.00641
Exploits 1 · References 4 · Affected Software 1

0day.today
added 2024/03/29 12:00 a.m. · 232 views

Purei CMS 1.0 - SQL Injection Vulnerability

Exploit Title: Purei CMS 1.0 - SQL Injection Exploit Author: Number 7 Vendor Homepage: purei.com Version: 1.0 Tested on: Linux Introduction: An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation of user input. Such an injection transpires when web...

AI score 7.4
Exploits 0

OSV
added 2024/03/26 11:15 p.m. · 5 views

CVE-2024-2916

A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 · AI score 5.8 · EPSS 0.00645
Exploits 1 · References 4

Vulnrichment
added 2024/03/26 10:31 p.m. · 12 views

CVE-2024-2916 Campcodes House Rental Management System ajax.php sql injection

A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 · AI score 7.4 · EPSS 0.00645
Exploits 1 · References 4

Cvelist
added 2024/03/26 10:31 p.m. · 20 views

CVE-2024-2916 Campcodes House Rental Management System ajax.php sql injection

A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 · AI score 7.8 · EPSS 0.00645
Exploits 1 · References 4

CVE
added 2024/03/26 10:31 p.m. · 63 views

CVE-2024-2916

Campcodes House Rental Management System 1.0 is affected by a SQL injection in ajax.php via the username parameter. The vulnerability is exploitable remotely and has public exploit disclosure (VDB-257982). Red Hat and other sources confirm the issue; PTSecurity suggests remote-executable SQL due ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00645
Exploits 1 · References 4 · Affected Software 1

NVD
added 2024/03/26 4:15 p.m. · 16 views

CVE-2024-29809

The imageurl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the imageurl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

CVSS 5.4 · AI score 5.4 · EPSS 0.00412
Exploits 1 · References 2