1339 matches found
CVE-2024-36678
In the module "Theme settings" pk_themesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
PT-2024-27121 · Unknown +1 · Prestashop +1
Name of the Vulnerable Software and Affected Versions: PrestaShop module "Theme settings" pk_themesettings versions = 1.8.8 Description: The issue allows a guest to perform SQL injection in the "Theme settings" module. Specifically, the script ajax.php contains a sensitive SQL call that can be...
CVE-2024-36678
CVE-2024-36678 affects PrestaShop’s Promokit.eu module Theme settings (pk_themesettings) version
PT-2024-27128 · Prestashop · Custom Links
Name of the Vulnerable Software and Affected Versions: PrestaShop module "Custom links" pk customlinks versions prior to 2.3 Description: The issue allows a guest to perform SQL injection in the "Custom links" module. Specifically, the script ajax.php contains a sensitive SQL call that can be...
PT-2024-15148 · WordPress · The Moneytizer
Name of the Vulnerable Software and Affected Versions: The Moneytizer plugin for WordPress versions up to, and including, 9.5.20 Description: The issue is caused by a missing capability check on multiple AJAX functions in the /core/core ajax.php file. This allows authenticated attackers, with...
CVE-2024-4797 Campcodes Online Laundry Management System ajax.php cross site scripting
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customername/username leads to cross site scripting. The attack can be initiated...
PT-2024-32920 · Campcodes · Campcodes Online Laundry Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Laundry Management System version 1.0 Description: A problem was found in the system, affecting the /ajax.php file. The issue is related to the manipulation of the customer name/username argument, leading to cross-site...
CVE-2024-33274
CVE-2024-33274 describes a Directory Traversal in PrestaShop’s FME Modules customfields (v2.2.7 and earlier). The vulnerability is triggered via the ajax.php endpoint’s parameter referenced as "Custom Checkout Fields, Add Custom Fields to Checkout", allowing a remote attacker to obtain sensitive ...
CVE-2024-33274
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...
CVE-2024-3719 Campcodes House Rental Management System ajax.php sql injection
A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2024-3719
The CVE-2024-3719 entry pertains to Campcodes House Rental Management System 1.0, with a vulnerability in the ajax.php file where modifying the id parameter enables SQL injection. The affected component is the id parameter in ajax.php; root cause is improper handling of input leading to SQL injec...
Purei CMS 1.0 - SQL Injection Vulnerability
Exploit Title: Purei CMS 1.0 - SQL Injection Exploit Author: Number 7 Vendor Homepage: purei.com Version: 1.0 Tested on: Linux Introduction: An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation of user input. Such an injection transpires when web...
CVE-2024-2916
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-2916 Campcodes House Rental Management System ajax.php sql injection
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-2916
Campcodes House Rental Management System 1.0 is affected by a SQL injection in ajax.php via the username parameter. The vulnerability is exploitable remotely and has public exploit disclosure (VDB-257982). Red Hat and other sources confirm the issue; PTSecurity suggests remote-executable SQL due ...
CVE-2024-29809
The imageurl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the imageurl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...