1339 matches found

wpexploit
Added 2022/12/05 12:00 a.m. | 108 views

Contest Gallery < 19.1.5 - Author+ SQL Injection

The plugin does not escape the cgrow POST parameter before concatenating it into an SQL query in 3row-order.php. This may allow malicious users with at least author privileges to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8080 User-Agen...

CVSS 6.5 | AI score 0.2 | EPSS 0.00854
Exploits 2 | References 1

OSV
Added 2022/11/03 8:15 p.m. | 4 views

CVE-2022-42748

CandidATS version 3.0.0, on the 'sortDirection' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 | AI score 5.9 | EPSS 0.01071
Exploits 1 | References 2

NVD
Added 2022/11/03 8:15 p.m. | 21 views

CVE-2022-42748

CandidATS version 3.0.0, on the 'sortDirection' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 | EPSS 0.01071
Exploits 1 | References 2

NVD
Added 2022/11/03 8:15 p.m. | 14 views

CVE-2022-42747

CandidATS version 3.0.0, on the 'sortBy' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 | EPSS 0.01071
Exploits 1 | References 2

NVD
Added 2022/11/03 8:15 p.m. | 17 views

CVE-2022-42749

CandidATS version 3.0.0, on the 'page' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 | EPSS 0.01071
Exploits 1 | References 2

Prion
Added 2022/11/03 8:15 p.m. | 16 views

Cross site scripting

CandidATS version 3.0.0, on the 'page' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 5.8 | AI score 6 | EPSS 0.01071
Exploits 1 | References 2 | Affected Software 1

Prion
Added 2022/11/03 8:15 p.m. | 17 views

Cross site scripting

CandidATS version 3.0.0, on the 'sortBy' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 5.8 | AI score 6 | EPSS 0.01071
Exploits 1 | References 2 | Affected Software 1

Prion
Added 2022/11/03 8:15 p.m. | 23 views

Cross site scripting

CandidATS version 3.0.0, on the 'sortDirection' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 5.8 | AI score 6 | EPSS 0.01071
Exploits 1 | References 2 | Affected Software 1

Prion
Added 2022/11/03 8:15 p.m. | 19 views

Cross site scripting

CandidATS version 3.0.0, on the 'indexFile' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 5.8 | AI score 6 | EPSS 0.01117
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
Added 2022/11/03 12:00 a.m. | 7 views

CVE-2022-42746

CandidATS version 3.0.0, on the 'indexFile' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

AI score 6.2 | EPSS 0.01117
Exploits 1 | References 2

CVE
Added 2022/11/03 12:00 a.m. | 72 views

CVE-2022-42748

CandidATS 3.0.0 is affected by a Cross-Site Scripting (XSS) flaw in the sortDirection parameter of ajax.php. The Nuclei template confirms exploitation by injecting arbitrary script in the victim's browser, enabling cookie-based credential theft and related attacks. The root cause is improper inpu...

CVSS 6.1 | AI score 6 | EPSS 0.01071
Exploits 1 | References 2 | Affected Software 1

Cvelist
Added 2022/11/03 12:00 a.m. | 26 views

CVE-2022-42748

CandidATS version 3.0.0, on the 'sortDirection' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

AI score 6.2 | EPSS 0.01071
Exploits 1 | References 2

CVE
Added 2022/11/03 12:00 a.m. | 68 views

CVE-2022-42749

CVE-2022-42749 affects CandidATS 3.0.0. The flaw is a cross-site scripting (XSS) vulnerability in the ajax.php resource, specifically via the page parameter, allowing an attacker to inject scripts and potentially steal cookie-based authentication credentials in the victim's browser. Affected comp...

CVSS 6.1 | AI score 6 | EPSS 0.01071
Exploits 1 | References 2 | Affected Software 1

Cvelist
Added 2022/11/03 12:00 a.m. | 16 views

CVE-2022-42746

CandidATS version 3.0.0, on the 'indexFile' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

AI score 6.2 | EPSS 0.01117
Exploits 1 | References 2

Cvelist
Added 2022/11/03 12:00 a.m. | 23 views

CVE-2022-42747

CandidATS version 3.0.0, on the 'sortBy' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

AI score 6.2 | EPSS 0.01071
Exploits 1 | References 2

Cvelist
Added 2022/11/03 12:00 a.m. | 16 views

CVE-2022-42749

CandidATS version 3.0.0, on the 'page' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

AI score 6.2 | EPSS 0.01071
Exploits 1 | References 2

Packet Storm
Added 2022/10/17 12:00 a.m. | 240 views

WordPress ImageMagick-Engine 1.7.4 Remote Code Execution

Exploit Title: WordPress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated
Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/"
Date: Thursday, September 1, 2022
Exploit Author: ABDO10
Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/
Software Link...

AI score 7.4
Exploits 0

Prion
Added 2022/10/12 12:15 a.m. | 11 views

SQL injection

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /saccoshield/ajax.php?action=deleteborrower...

CVSS 5.8 | AI score 7.2 | EPSS 0.00831
Exploits 1 | References 1 | Affected Software 1

Prion
Added 2022/10/07 6:15 p.m. | 9 views

SQL injection

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /saccoshield/ajax.php?action=deleteloan...

CVSS 5.8 | AI score 7.2 | EPSS 0.00726
Exploits 1 | References 1 | Affected Software 1

CNVD
Added 2022/09/28 12:00 a.m. | 19 views

WordPress Scripts Organizer Arbitrary File Upload Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. An arbitrary file upload...

CVSS 8.8 | AI score 9 | EPSS 0.00457
Exploits 2 | References 1
