Lucene search
K

1339 matches found

CNVD
CNVD
added 2021/12/26 12:0 a.m.18 views

Simple Forum-Discussion System SQL Injection Vulnerability

Simple Forum-Discussion System is a simple forum/discussion system. SQL injection vulnerability exists in Simple Forum-Discussion System, which originates in various components such as manage topic.php, manage user.php and ajax.php. Lack of validation of externally entered SQL statements. An...

9.8CVSS3.6AI score0.01239EPSS
Exploits1References1
wpexploit
wpexploit
added 2021/12/22 12:0 a.m.96 views

Contact Form & Lead Form Elementor Builder < 1.6.8 - Subscriber+ Arbitrary Lead Deletion

The plugin does not have capability and CSRF checks in the deleteleadsbackend AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber could delete arbitrary Leads. Attackers could also make any logged in users delete leads via a CSRF attack POST...

0.4AI score
Exploits0
NVD
NVD
added 2021/12/21 12:15 p.m.7 views

CVE-2021-45252

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are managetopic.php, manageuser.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability...

9.8CVSS0.01239EPSS
Exploits1References1
OSV
OSV
added 2021/12/21 12:15 p.m.6 views

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

9.8CVSS5.8AI score0.01537EPSS
Exploits1References1
Prion
Prion
added 2021/12/21 12:15 p.m.8 views

Sql injection

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

10CVSS9.6AI score0.01537EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/12/21 12:15 p.m.13 views

Sql injection

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are managetopic.php, manageuser.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability...

7.5CVSS9.8AI score0.01239EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/21 11:50 a.m.30 views

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

9.9AI score0.01537EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/12/21 11:4 a.m.24 views

CVE-2021-45252

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are managetopic.php, manageuser.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability...

10AI score0.01239EPSS
Exploits1References1
0day.today
0day.today
added 2021/12/20 12:0 a.m.241 views

Video Sharing Website 1.0 SQL Injection Vulnerability

Title: Video Sharing Website 1.0 SQL - Injection Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14584/video-sharing-website-using-phpmysqli-source-code.html Description: The email parameter from ajax.php app of Video Sharing...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/20 12:0 a.m.282 views

Video Sharing Website 1.0 SQL Injection

Title: Video Sharing Website 1.0 SQL - Injection Author: nu11secur1ty Date: 12.18.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14584/video-sharing-website-using-phpmysqli-source-code.html Description: The email parameter from ajax.php app o...

0.5AI score
Exploits0
wpexploit
wpexploit
added 2021/12/13 12:0 a.m.401 views

WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the customprices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin-ajax.php?action=woocsgetcustompricehtml&customprices=%3Cimg%20src%20onerror=alertXSS%3E...

6.1CVSS0.7AI score0.00876EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/03 12:0 a.m.56 views

Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS

The plugin alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS. 1. Run the following JavaScript in the browser's web console as a subscriber user. 2. Authenticate in a separate browser as an admin...

5.4CVSS5.4AI score0.00611EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.131 views

Mediamatic < 2.8.1 - Subscriber+ SQL Injection

The mediamaticAjaxRenameCategory AJAX action of the plugin, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

8.8CVSS8.8AI score0.01318EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.122 views

Backup and Restore <= 1.0.3 - Admin+ Arbitrary File Deletion

The plugin does not sanitise and validate the foldername parameter when deleting a report, which could allow high privilege users to delete arbitrary files on the web server, including those outside of the WordPress folder POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...

6.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.406 views

WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue " / var form1 = document.getElementById'hack'; form1.submit; POST...

6.1CVSS6AI score0.00795EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.20 views

Support Board < 3.3.6 - Arbitrary File Deletion via CSRF

The plugin does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files PoC...

4.2AI score0.00542EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/10/18 12:0 a.m.679 views

SEO Redirection < 8.2 - Subscriber+ SQL Injection

The importFromRedirection AJAX action of the plugin, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

8.8CVSS0.6AI score0.01318EPSS
Exploits2
0day.today
0day.today
added 2021/10/18 12:0 a.m.314 views

Support Board 3.3.4 - (Message) Stored Cross-Site Scripting Vulnerability

Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting XSS Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.4 Tested on: Ubuntu 20.04.2 LTS, Windows 10 PO...

7.4AI score
Exploits0
wpexploit
wpexploit
added 2021/10/07 12:0 a.m.170 views

Chameleon CSS <= 1.2 - Subscriber+ SQL Injection

The plugin does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...

8.8CVSS0.5AI score0.00712EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.711 views

Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

The plugin does not validate and escape user input passed to the todaytrafficindex AJAX action available to any authenticated users before using it in a SQL statement, leading to an SQL injection issue POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

8.8CVSS0.7AI score0.01318EPSS
Exploits2
Rows per page
Query Builder