Lucene search

1339 matches found

wpexploit
added 2024/01/01 12:0 a.m., 131 views

Meris <= 1.1.2 - Reflected XSS

Description: The theme does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. alert/XSS-areaname/" / alert/XSS-num/' /...

CVSS 6.1 | AI score 8.7 | EPSS 0.00331
Exploits: 1

NVD
added 2023/12/29 10:15 p.m., 13 views

CVE-2023-50071

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=savedepartment via id or name...

CVSS 8.8 | EPSS 0.13754
Exploits: 6 | References: 2

NVD
added 2023/12/29 10:15 p.m., 19 views

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...

CVSS 8.8 | EPSS 0.00786
Exploits: 2 | References: 2

Vulnrichment
added 2023/12/29 12:0 a.m., 13 views

CVE-2023-50071

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=savedepartment via id or name...

AI score 8.5 | EPSS 0.13754
Exploits: 6 | References: 2

wpexploit
added 2023/12/25 12:0 a.m., 168 views

Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

Description: The plugin does not prevent users with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset. Run the below command in the developer console of the web browser while...

CVSS 6.5 | AI score 6.7 | EPSS 0.0061
Exploits: 2

wpexploit
added 2023/12/22 12:0 a.m., 165 views

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description: The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

CVSS 4.3 | AI score 6.7 | EPSS 0.00405
Exploits: 2

NVD
added 2023/12/21 4:15 p.m., 15 views

CVE-2023-51052

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aformauth parameter at /admin/ajax.php...

CVSS 9.8 | EPSS 0.00534
Exploits: 0 | References: 1

OSV
added 2023/12/21 4:15 p.m., 3 views

CVE-2023-51050

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aproductauth parameter at /admin/ajax.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00534
Exploits: 0 | References: 1

NVD
added 2023/12/21 4:15 p.m., 16 views

CVE-2023-51050

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aproductauth parameter at /admin/ajax.php...

CVSS 9.8 | EPSS 0.00534
Exploits: 0 | References: 1

NVD
added 2023/12/21 4:15 p.m., 23 views

CVE-2023-51051

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...

CVSS 9.8 | EPSS 0.00534
Exploits: 0 | References: 1

NVD
added 2023/12/21 4:15 p.m., 17 views

CVE-2023-51049

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...

CVSS 9.8 | EPSS 0.00534
Exploits: 0 | References: 1

NVD
added 2023/12/21 4:15 p.m., 15 views

CVE-2023-51048

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Anewsauth parameter at /admin/ajax.php...

CVSS 9.8 | EPSS 0.00534
Exploits: 0 | References: 1

Prion
added 2023/12/21 4:15 p.m., 17 views

Sql injection

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...

CVSS 7.5 | AI score 8.6 | EPSS 0.00534
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/12/21 4:15 p.m., 18 views

Sql injection

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aproductauth parameter at /admin/ajax.php...

CVSS 7.5 | AI score 8.6 | EPSS 0.00534
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/12/21 4:15 p.m., 23 views

Sql injection

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aformauth parameter at /admin/ajax.php...

CVSS 7.5 | AI score 8.6 | EPSS 0.00534
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/12/21 4:15 p.m., 20 views

Sql injection

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...

CVSS 7.5 | AI score 8.6 | EPSS 0.00534
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/12/21 4:15 p.m., 24 views

Sql injection

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Anewsauth parameter at /admin/ajax.php...

CVSS 7.5 | AI score 8.6 | EPSS 0.00534
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/12/21 12:0 a.m., 15 views

CVE-2023-51052

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aformauth parameter at /admin/ajax.php...

AI score 10 | EPSS 0.00534
Exploits: 0 | References: 1

Cvelist
added 2023/12/21 12:0 a.m., 17 views

CVE-2023-51048

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Anewsauth parameter at /admin/ajax.php...

AI score 10 | EPSS 0.00534
Exploits: 0 | References: 1

Cvelist
added 2023/12/21 12:0 a.m., 13 views

CVE-2023-51049

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...

AI score 10 | EPSS 0.00534
Exploits: 0 | References: 1