4 matches found
CVE-2021-4404 Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery Bypass
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to opt into notifications vi...
SQL injection
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to SQL injection. Upgrading to version 14.0.5.21 addresses this issue. The name of t...
CVE-2020-36630 FreePBX cdr Cdr.class.php ajaxHandler SQL injection
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects the function ajaxHandler of the file ucp/Cdr.class.php. The manipulation of the argument limit/offset leads to SQL injection. Upgrading to version 14.0.5.21 addresses this issue. The name of t...
CVE-2020-36630
FreePBX cdr 14.0 is affected by a SQL injection in the ajaxHandler function of ucp/Cdr.class.php through manipulation of the limit/offset parameter. The issue is resolved by upgrading to version 14.0.5.21, with the patch identified as f1a9eea2dfff30fb99d825bac194a676a82b9ec8. Connected sources co...