1339 matches found
CVE-2023-51051
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...
CVE-2023-51051
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...
WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. Log in as a subscriber, and paste any of the following fetch call in your...
CVE-2023-51050
Summary: CVE-2023-51050 affects S-CMS v5.0, with a SQL injection via the A_productauth parameter in /admin/ajax.php. The Red Hat, NVD, CVE listings, and PT Security entries corroborate the issue and its association with S-CMS 5.0. The PT-2023-31751 advisory notes there is no available fix/version...
CVE-2023-51049
CVE-2023-51049 : S-CMS v5.0 has a SQL injection vulnerability via the A_bbsauth parameter in /admin/ajax.php. This is a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with network access, no authentication, no user interaction, and impacts to confidentiality, integrity, and availability. Root cau...
CVE-2023-51052
CVE-2023-51052 affects S-CMS v5.0, with a SQL injection vulnerability in the A_formauth parameter of /admin/ajax.php. Root cause: unsafely handling user input in A_formauth allows constructing malicious SQL. Impact per CVSS 3.1: Confidentiality/Integrity/Availability: High; Base score 9.8 (CRITIC...
CVE-2023-51048
CVE-2023-51048 affects S-CMS v5.0 with a SQL injection via the A_newsauth parameter in /admin/ajax.php. Root cause: unsanitized input leading to SQL injection. Impact per sources: high confidentiality, integrity, and availability; attack vector is network with no authentication and no user intera...
CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...
CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...
GaatiTrack Courier Management System 1.0 SQL Injection
Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...
GaatiTrack Courier Management System 1.0 SQL Injection Vulnerability
Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php Version: v1.0 Teste...
Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload
Description The plugin does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server Setup As admin: - Go the the...
Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection
Description The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. Run the below command in the developer console of the web browser while being on the blog...
Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply
Description The plugin does not correctly authorize the wpaseditreply function, allowing users to edit posts for which they do not have permission. Log in as a subscriber and run the following code in the browser, setting the replyid to any post ID. fetch"/wp-admin/admin-ajax.php", "headers":...
Cross site scripting
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-5015 UCMS cross site scripting
A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-39676
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the callback parameter at ajax.php...
Prestashop Module Cross-Site Scripting Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods , short message alerts and product image scaling and other features . A security vulnerability exists in Prestashop Module version v1.0.0, which stems fro...
CVE-2023-39676
The CVE-2023-39676 issue affects the FieldPopupNewsletter Prestashop Module (v1.0.0). A reflected cross-site scripting (XSS) vulnerability is triggered via the callback parameter at ajax.php, as described in multiple sources. The vulnerability is categorized with CVSS v3.1 base score 6.1 (medium)...
PT-2023-27067 · Prestashop · Simpleimportproduct Prestashop Module +1
Name of the Vulnerable Software and Affected Versions: FieldPopupNewsletter Prestashop Module version 1.0.0 SimpleImportProduct Prestashop Module version 1.0.0 Description: A reflected cross-site scripting XSS issue was discovered in the Prestashop modules. The vulnerability is exploited via the...