tagDiv Composer < 4.0 - Reflected Cross-site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. Make a logged-in admin open a page containing the HTML code below...
ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, because the settings are not escaped on output, this could also lead to Stored XSS. Run the below command in...
SQL injection
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login...
W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure
The plugin does not check that a password-protected post may be accessed before displaying its content, which could allow any authenticated user to read it. Setup: create a default Post List and a password-protected post with secret content. Then run the below command in the develop...
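The check the W4 Post List entry above says is missing, shown as an added PHP example (not the plugin's own code). It assumes a list renderer that receives an array of WP_Post objects and builds an HTML list; the function names are made up for the example.

```php
<?php
// Added illustration, not code from the W4 Post List plugin.
// Assumed: the renderer is handed WP_Post objects (e.g. from WP_Query) and returns HTML.

function w4_example_render_list_vuln( array $posts ): string {
    $out = '';
    foreach ( $posts as $post ) {
        // Reads the raw post_content column: the post password is never consulted,
        // so every visitor who can reach this list sees the protected content.
        $out .= '<li>' . esc_html( $post->post_title ) . ': '
              . wp_kses_post( $post->post_content ) . '</li>';
    }
    return '<ul>' . $out . '</ul>';
}

function w4_example_render_list( array $posts ): string {
    $out = '';
    foreach ( $posts as $post ) {
        // post_password_required() compares the post's password with the
        // wp-postpass_* cookie of the current visitor. Until it passes, the only
        // thing that may be rendered is the password form (or nothing at all).
        if ( post_password_required( $post ) ) {
            $out .= '<li>' . esc_html( $post->post_title ) . ': '
                  . get_the_password_form( $post ) . '</li>';
            continue;
        }
        $out .= '<li>' . esc_html( $post->post_title ) . ': '
              . wp_kses_post( $post->post_content ) . '</li>';
    }
    return '<ul>' . $out . '</ul>';
}
```

The same rule applies to any other code path that reads post_content directly, including REST/AJAX handlers and RSS-style outputs: being logged in does not satisfy the password check, only the cookie set by the password form does.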
InPost Gallery <= 2.1.4.1 - Reflected XSS
The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. Make a logged-in admin open...
MDTF < 1.3.1 - Reflected XSS
The plugin does not sanitise and escape the taxname parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. PoC: make a logged-in admin open...
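The two WordPress patterns behind the ChatBot entry (AJAX action with no authorisation or CSRF check, settings stored and printed unescaped) and the tagDiv Composer, InPost Gallery and MDTF entries (request parameter reflected unescaped), shown side by side as an added PHP example. This is not code from any of those plugins; every name in it is assumed: the myplugin_* functions, the AJAX action myplugin_save_openai, the option myplugin_openai_settings, the model allow-list and the query parameter taxname.

```php
<?php
// Added illustration of the vulnerable and hardened forms; not code from any plugin above.
// Assumed names throughout: myplugin_*, action 'myplugin_save_openai', option
// 'myplugin_openai_settings', query parameter 'taxname'.

// ---- Vulnerable: any logged-in user can call it, no nonce, stored raw, printed raw ----
add_action( 'wp_ajax_myplugin_save_openai_vuln', function () {
    // wp_ajax_* hooks are reachable by every authenticated user, subscribers included.
    // Nothing here checks a capability or a token tied to this action.
    update_option( 'myplugin_openai_settings_vuln', $_POST['api_key'] ?? '' );
    wp_send_json_success();
} );

function myplugin_render_settings_vuln() {
    $key = get_option( 'myplugin_openai_settings_vuln', '' );
    // Attribute context, no escaping: a stored value such as  "><script>…  breaks out
    // and runs in the browser of the admin who opens the settings page.
    echo '<input name="api_key" value="' . $key . '">';
}

// ---- Hardened: CSRF token, capability check, sanitise on input, escape on output ----
add_action( 'wp_ajax_myplugin_save_openai', function () {
    // 1. CSRF: the 'nonce' request field must have been minted for this action with
    //    wp_create_nonce( 'myplugin_save_openai' ); on mismatch this dies with HTTP 403.
    check_ajax_referer( 'myplugin_save_openai', 'nonce' );

    // 2. Authorisation: being logged in is not a permission to change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Sanitise on input; fields with a fixed set of values are allow-listed.
    $key            = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    $model          = sanitize_key( $_POST['model'] ?? '' );
    $allowed_models = array( 'model-a', 'model-b' ); // assumed list for the example
    if ( ! in_array( $model, $allowed_models, true ) ) {
        wp_send_json_error( 'unknown model', 400 );
    }

    update_option( 'myplugin_openai_settings', array( 'api_key' => $key, 'model' => $model ) );
    wp_send_json_success();
} );

function myplugin_render_settings() {
    $opts = get_option( 'myplugin_openai_settings', array( 'api_key' => '', 'model' => '' ) );
    // 4. Escape for the exact output context, even though the value was sanitised on input:
    //    esc_attr() inside an attribute, esc_html() inside a text node.
    echo '<input name="api_key" value="' . esc_attr( $opts['api_key'] ) . '">';
    echo '<p>Model: ' . esc_html( $opts['model'] ) . '</p>';
}

// ---- The reflected variant: the same escape-on-output rule for a request parameter ----
function myplugin_echo_taxname_vuln() {
    // ?taxname="><img src=x onerror=alert(1)>  is written into the admin's page unchanged.
    echo '<input name="taxname" value="' . ( $_GET['taxname'] ?? '' ) . '">';
}

function myplugin_echo_taxname() {
    $taxname = isset( $_GET['taxname'] ) ? sanitize_text_field( wp_unslash( $_GET['taxname'] ) ) : '';
    echo '<input name="taxname" value="' . esc_attr( $taxname ) . '">';
}
```

Two details worth checking when auditing a handler like this: the hardened action is registered only on wp_ajax_ (not wp_ajax_nopriv_), so unauthenticated callers never reach it, and the fix for the reflected case is the esc_attr() call on output; the sanitize_text_field() on input is defence in depth, not a substitute for it.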
CVE-2023-1460 SourceCodester Online Pizza Ordering System Password Change improper authentication
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file admin/ajax.php?action=saveuser of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to...
CVE-2023-1460
CVE-2023-1460 concerns the SourceCodester Online Pizza Ordering System 1.0. The vulnerability lies in the Password Change Handler, specifically the file segment admin/ajax.php?action=save_user, enabling an improper authentication condition. It can be triggered remotely, with impact described as h...
CVE-2023-1432
A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=savesettings of the component POST Request Handler. The manipulation leads to improper access control...
CVE-2023-1365 SourceCodester Online Pizza Ordering System ajax.php sql injection
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The...
PT-2023-19979 · Unknown +1 · Prestashop +1
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 6.1.3; DpdFrance module versions prior to 6.1.3. Description: The issue allows for SQL Injection via the "dpdfrance/ajax.php" endpoint. Recommendations: For PrestaShop versions prior to 6.1.3, update to version 6.1....
CVE-2023-25207
PrestaShop dpdfrance 6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php...
Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI
The plugin does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. 1. Log in as Admin. 2. Go to wp-admin/admin.php?page=wp-easycart-products&subpage=products. 3. Click on Import Products, browse to any file and click on Import File. Intercept the...
Cross-Site Request Forgery (CSRF)
froxlor/froxlor is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the updateTablelisting and resetTablelisting functions in ajax.php due to improper sanitization, which allows an attacker to change the request to GET so that a user cannot use any functions on the page...
SQL Injection in '/module/accounts/ajax.php'
Description: There exists an SQL injection affecting the order[0][dir], start and length parameters located in the file /module/accounts/ajax.php. Let's take a look at the following code: https://github.com/unilogies/bumsys/blob/9dc2de204116297a7e528c38bc3b1e89bf40f907/module/accounts/ajax.php#L1503...
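The injection class in the bumsys entry above (DataTables-style order[0][dir], start and length concatenated into ORDER BY and LIMIT) and the simpler username/name injections in the Online Pizza Ordering System, Dynamic Transaction Queuing System and dpdfrance entries, as an added PHP example with the fix beside it. It is not code from any of those projects; it assumes a PDO handle $pdo, an accounts table (id, username, balance), a users table (id, username, password), and a client that sends the DataTables request fields.

```php
<?php
// Added illustration, not code from bumsys, the dpdfrance module or either SourceCodester app.
// Assumed: $pdo is a PDO connection; tables accounts(id, username, balance) and
// users(id, username, password); $req is the decoded request (e.g. $_GET).

function list_accounts_vuln( PDO $pdo, array $req ): array {
    $columns = array( 'id', 'username', 'balance' );
    $col     = $columns[ (int) ( $req['order'][0]['column'] ?? 0 ) ] ?? 'id';
    $dir     = $req['order'][0]['dir'] ?? 'asc';  // attacker-controlled, e.g.  ASC, (SELECT SLEEP(5))
    $start   = $req['start'] ?? 0;                // attacker-controlled: anything after the number is SQL
    $length  = $req['length'] ?? 10;              // same
    $sql = "SELECT id, username, balance FROM accounts ORDER BY $col $dir LIMIT $start, $length";
    return $pdo->query( $sql )->fetchAll( PDO::FETCH_ASSOC );
}

function list_accounts( PDO $pdo, array $req ): array {
    $columns = array( 'id', 'username', 'balance' );

    // ORDER BY takes an identifier and a keyword; a prepared statement cannot bind
    // those, so both are resolved through fixed allow-lists, never copied from input.
    $idx = filter_var(
        $req['order'][0]['column'] ?? 0,
        FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 0, 'max_range' => count( $columns ) - 1 ) )
    );
    $col = $columns[ $idx === false ? 0 : $idx ];
    $dir = ( strtoupper( (string) ( $req['order'][0]['dir'] ?? 'ASC' ) ) === 'DESC' ) ? 'DESC' : 'ASC';

    // start/length are plain integers: cast, clamp, and bind as PDO::PARAM_INT
    // (with PDO::ATTR_EMULATE_PREPARES disabled they are sent as typed parameters).
    $start  = max( 0, (int) ( $req['start'] ?? 0 ) );
    $length = min( 100, max( 1, (int) ( $req['length'] ?? 10 ) ) );

    $stmt = $pdo->prepare(
        "SELECT id, username, balance FROM accounts ORDER BY $col $dir LIMIT :start, :length"
    );
    $stmt->bindValue( ':start', $start, PDO::PARAM_INT );
    $stmt->bindValue( ':length', $length, PDO::PARAM_INT );
    $stmt->execute();
    return $stmt->fetchAll( PDO::FETCH_ASSOC );
}

// The login-parameter variant: a string value, so bind it instead of quoting it by hand.
function find_user_vuln( PDO $pdo, string $username ) {
    // username = ' OR '1'='1' --   returns the first row whatever the password check does next
    $res = $pdo->query( "SELECT id, username, password FROM users WHERE username = '$username'" );
    return $res->fetch( PDO::FETCH_ASSOC );
}

function find_user( PDO $pdo, string $username ) {
    $stmt = $pdo->prepare( 'SELECT id, username, password FROM users WHERE username = :u' );
    $stmt->execute( array( ':u' => $username ) );
    return $stmt->fetch( PDO::FETCH_ASSOC );
}
```

The split matters when reviewing DataTables back ends: start and length are fixable with parameter binding alone, but order[0][dir] and the column name are not bindable at all, so a code base that "uses prepared statements" can still be injectable through the sort parameters unless they go through an allow-list like the one above.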
Full CSRF Bypass
Description: The intended way to reach functionality in $module/ajax.php is through the /xhr endpoint. Looking at the following code: https://github.com/unilogies/bumsys/blob/83bd788c21ce390f62e34ab6755a3e61c106418c/core/route.php#L43-L48 (php): if $pageSlug === "xhr" or $pageSlug === "info" and...
CVE-2023-1112 Drag and Drop Multiple File Upload Contact Form 7 admin-ajax.php path traversal
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...
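The traversal described in the CVE-2023-1112 entry above (an uploadname argument that is allowed to carry path components), as an added PHP example with a hardened version; this is not the plugin's own code. It assumes the upload directory is passed in as $base and that the client-supplied file name arrives in the uploadname field; the dnd_target_path* names and the extension list are made up for the example.

```php
<?php
// Added illustration, not code from Drag and Drop Multiple File Upload - Contact Form 7.
// Assumed: $base is the plugin's upload directory (e.g. under wp_upload_dir()['basedir']),
// $uploadname is the raw 'uploadname' POST field.

function dnd_target_path_vuln( string $base, string $uploadname ): string {
    // "../../wp-config.php" or "../../../evil.php" walks out of $base.
    return $base . '/' . $uploadname;
}

function dnd_target_path( string $base, string $uploadname ): ?string {
    // 1. Reduce to a bare file name: basename() drops every directory component
    //    (including "..") and sanitize_file_name() strips the remaining special characters.
    $name = sanitize_file_name( basename( wp_unslash( $uploadname ) ) );
    if ( $name === '' || $name === '.' || $name === '..' ) {
        return null;
    }

    // 2. Allow-list the extension rather than trusting the client's declared type.
    $allowed = array( 'jpg', 'jpeg', 'png', 'gif', 'pdf' ); // assumed list for the example
    $ext     = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, $allowed, true ) ) {
        return null;
    }

    // 3. Resolve and re-check: the parent of the final path must be $base itself,
    //    which catches any normalisation or symlink surprise the steps above missed.
    $base_real = realpath( $base );
    if ( $base_real === false ) {
        return null;
    }
    $target = $base_real . DIRECTORY_SEPARATOR . $name;
    if ( realpath( dirname( $target ) ) !== $base_real ) {
        return null;
    }
    return $target;
}
```

In a WordPress plugin the usual alternative is to hand the file to wp_handle_upload(), which already applies sanitize_file_name(), wp_unique_filename() and the site's allowed MIME types; hand-rolled move_uploaded_file() targets are where traversal bugs like this one tend to appear.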