1339 matches found

Cvelist
added 2023/12/21 12:0 a.m. · 22 views

CVE-2023-51051

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...

10 AI score · 0.00534 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/12/21 12:0 a.m. · 12 views

CVE-2023-51051

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Atextauth parameter at /admin/ajax.php...

9.9 AI score · 0.00534 EPSS
Exploits 0 · References 1

wpexploit
added 2023/12/21 12:0 a.m. · 168 views

WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update

Description: The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. Log in as a subscriber, and paste any of the following fetch calls in your...

4.3 CVSS · 6.7 AI score · 0.00389 EPSS
Exploits 2

CVE
added 2023/12/21 12:0 a.m. · 51 views

CVE-2023-51050

Summary: CVE-2023-51050 affects S-CMS v5.0, with a SQL injection via the A_productauth parameter in /admin/ajax.php. The Red Hat, NVD, CVE listings, and PT Security entries corroborate the issue and its association with S-CMS 5.0. The PT-2023-31751 advisory notes there is no available fix/version...

9.8 CVSS · 9.7 AI score · 0.00534 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/21 12:0 a.m. · 45 views

CVE-2023-51049

CVE-2023-51049 : S-CMS v5.0 has a SQL injection vulnerability via the A_bbsauth parameter in /admin/ajax.php. This is a high-severity issue (CVSS v3.1: 9.8, CRITICAL) with network access, no authentication, no user interaction, and impacts to confidentiality, integrity, and availability. Root cau...

9.8 CVSS · 9.7 AI score · 0.00534 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/21 12:0 a.m. · 79 views

CVE-2023-51052

CVE-2023-51052 affects S-CMS v5.0, with a SQL injection vulnerability in the A_formauth parameter of /admin/ajax.php. Root cause: unsafely handling user input in A_formauth allows constructing malicious SQL. Impact per CVSS 3.1: Confidentiality/Integrity/Availability: High; Base score 9.8 (CRITIC...

9.8 CVSS · 9.7 AI score · 0.00534 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/12/21 12:0 a.m. · 62 views

CVE-2023-51048

CVE-2023-51048 affects S-CMS v5.0 with a SQL injection via the A_newsauth parameter in /admin/ajax.php. Root cause: unsanitized input leading to SQL injection. Impact per sources: high confidentiality, integrity, and availability; attack vector is network with no authentication and no user intera...

9.8 CVSS · 9.7 AI score · 0.00534 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/12/07 7:15 a.m. · 28 views

CVE-2023-48823

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...

9.8 CVSS · 0.01092 EPSS
Exploits 3 · References 1

Cvelist
added 2023/12/07 12:0 a.m. · 29 views

CVE-2023-48823

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...

10 AI score · 0.01092 EPSS
Exploits 3 · References 1

Packet Storm
added 2023/12/04 12:0 a.m. · 310 views

GaatiTrack Courier Management System 1.0 SQL Injection

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

7.4 AI score · 0.01092 EPSS
Exploits 3

0day.today
added 2023/12/04 12:0 a.m. · 375 views

GaatiTrack Courier Management System 1.0 SQL Injection Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php Version: v1.0 Teste...

9.8 CVSS · 7.4 AI score · 0.01092 EPSS
Exploits 3

wpexploit
added 2023/11/10 12:0 a.m. · 195 views

Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload

Description: The plugin does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber, could upload arbitrary files, such as PHP, on the server. Setup: As admin: - Go to the...

8.8 CVSS · 7.4 AI score · 0.00479 EPSS
Exploits 2

wpexploit
added 2023/10/27 12:0 a.m. · 123 views

Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection

Description: The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. Run the below command in the developer console of the web browser while being on the blog...

9.8 CVSS · 7.1 AI score · 0.01245 EPSS
Exploits 2

wpexploit
added 2023/10/16 12:0 a.m. · 125 views

Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply

Description: The plugin does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. Log in as a subscriber and run the following code in the browser, setting the replyid to any post ID. fetch"/wp-admin/admin-ajax.php", "headers":...

4.3 CVSS · 6.6 AI score · 0.00405 EPSS
Exploits 2

Prion
added 2023/09/17 2:15 a.m. · 28 views

Cross site scripting

A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4 CVSS · 6 AI score · 0.00435 EPSS
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2023/09/17 1:31 a.m. · 14 views

CVE-2023-5015 UCMS cross site scripting

A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4 CVSS · 6.2 AI score · 0.00435 EPSS
Exploits 1 · References 3

OSV
added 2023/09/08 2:15 p.m. · 3 views

CVE-2023-39676

FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php...

6.1 CVSS · 5.6 AI score · 0.01343 EPSS
Exploits 1 · References 3

CNNVD
added 2023/09/08 12:0 a.m. · 2 views

Prestashop Module Cross-Site Scripting Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods, short message alerts and product image scaling and other features. A security vulnerability exists in Prestashop Module version v1.0.0, which stems fro...

6.1 CVSS · 5.8 AI score · 0.01343 EPSS
Exploits 1 · References 4

CVE
added 2023/09/08 12:0 a.m. · 67 views

CVE-2023-39676

The CVE-2023-39676 issue affects the FieldPopupNewsletter Prestashop Module (v1.0.0). A reflected cross-site scripting (XSS) vulnerability is triggered via the callback parameter at ajax.php, as described in multiple sources. The vulnerability is categorized with CVSS v3.1 base score 6.1 (medium)...

6.1 CVSS · 6 AI score · 0.01343 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/09/07 12:0 a.m. · 3 views

PT-2023-27067 · Prestashop · Simpleimportproduct Prestashop Module +1

Name of the Vulnerable Software and Affected Versions: FieldPopupNewsletter Prestashop Module version 1.0.0 SimpleImportProduct Prestashop Module version 1.0.0 Description: A reflected cross-site scripting (XSS) issue was discovered in the Prestashop modules. The vulnerability is exploited via the...

6.1 CVSS · 6 AI score · 0.01343 EPSS
Exploits 1 · References 7