Simple Forum-Discussion System SQL Injection Vulnerability
Simple Forum-Discussion System is a simple forum/discussion system. A SQL injection vulnerability exists in Simple Forum-Discussion System, originating in various components such as manage topic.php, manage user.php and ajax.php, due to a lack of validation of externally entered SQL statements. An...
Contact Form & Lead Form Elementor Builder < 1.6.8 - Subscriber+ Arbitrary Lead Deletion
The plugin does not have capability and CSRF checks in the deleteleadsbackend AJAX action, available to any authenticated user. As a result, users with a role as low as subscriber could delete arbitrary Leads. Attackers could also make any logged-in user delete leads via a CSRF attack. POST...
CVE-2021-45252
Multiple SQL injection vulnerabilities were found in Simple Forum-Discussion System 1.0, for example in three applications: managetopic.php, manageuser.php, and ajax.php. An attacker can retrieve all information from the database of this system by using this vulnerability...
CVE-2021-45255
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...
SQL injection
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...
SQL injection
Multiple SQL injection vulnerabilities were found in Simple Forum-Discussion System 1.0, for example in three applications: managetopic.php, manageuser.php, and ajax.php. An attacker can retrieve all information from the database of this system by using this vulnerability...
Video Sharing Website 1.0 SQL Injection Vulnerability
Title: Video Sharing Website 1.0 SQL - Injection Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14584/video-sharing-website-using-phpmysqli-source-code.html Description: The email parameter from ajax.php app of Video Sharing...
Video Sharing Website 1.0 SQL Injection
Title: Video Sharing Website 1.0 SQL - Injection Author: nu11secur1ty Date: 12.18.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14584/video-sharing-website-using-phpmysqli-source-code.html Description: The email parameter from ajax.php app o...
WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the customprices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin-ajax.php?action=woocsgetcustompricehtml&customprices=%3Cimg%20src%20onerror=alertXSS%3E...
Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS
The plugin allowed any logged-in user, even a subscriber, to add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS. 1. Run the following JavaScript in the browser's web console as a subscriber user. 2. Authenticate in a separate browser as an admin...
Mediamatic < 2.8.1 - Subscriber+ SQL Injection
The mediamaticAjaxRenameCategory AJAX action of the plugin, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...
Backup and Restore <= 1.0.3 - Admin+ Arbitrary File Deletion
The plugin does not sanitise and validate the foldername parameter when deleting a report, which could allow high-privilege users to delete arbitrary files on the web server, including those outside of the WordPress folder. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language:...
WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action, available to any authenticated user, before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. " / var form1 = document.getElementById'hack'; form1.submit; POST...
Support Board < 3.3.6 - Arbitrary File Deletion via CSRF
The plugin does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged-in users perform unwanted actions, for example making an admin delete arbitrary files. PoC...
SEO Redirection < 8.2 - Subscriber+ SQL Injection
The importFromRedirection AJAX action of the plugin, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to an SQL injection when the redirection plugin is also installed. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...
Support Board 3.3.4 - (Message) Stored Cross-Site Scripting Vulnerability
Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting XSS Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.4 Tested on: Ubuntu 20.04.2 LTS, Windows 10 PO...
Chameleon CSS <= 1.2 - Subscriber+ SQL Injection
The plugin does not have any CSRF and capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...
Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection
The plugin does not validate and escape user input passed to the todaytrafficindex AJAX action, available to any authenticated user, before using it in a SQL statement, leading to an SQL injection issue. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...