208 matches found
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
Exploit Title: Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Date: 2020-06-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://joomsky.com/ Software Link: https://joomsky.com/products/js-jobs-pro.html Change Log Update :...
CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL injection that leads to command execution via the users parameter of export_ical.php. The flaw enables an authenticated attacker to inject SQL through a parameter observed in export_ical.php, potentially causing code/command execution with high i...
CVE-2019-7484
Authenticated SQL Injection in SonicWall SMA100 allow user to gain read-only access to unauthorized resources using viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier...
CVE-2019-16404
OpenEMR is affected by a SQL Injection in interface/forms/eye_mag/js/eye_base.php (through OpenEMR 5.0.2 and earlier). The vulnerability arises from a non-parameterized INSERT INTO statement involving the providerID parameter, allowing an authenticated user to extract arbitrary data from the Open...
Sliced Invoices <= 3.8.2 - Multiple Vulnerabilities
- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII - Authenticated SQL injection and information disclosure - Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices. -...
Authenticated SQL Injection
katello is vulnerable to authenticated SQL injection attacks. These attacks are possible because there is a flaw in the input sanitization for the scoped search parameters sortby and sortorder...
Companion Auto Update <= 3.3.5 - Authenticated SQL Injection
The Companion Auto Update WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
CVE-2018-10351
A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...
Dbox 3D Slider Lite <= 1.2.2 - Multiple Authenticated SQL injection
During the security analysis, ThunderScan discovered SQL injection vulnerabilities in Dbox 3D Slider Lite WordPress plugin. The easiest way to reproduce the vulnerabilities is to modify the POST request for the slider rename or reorder and append parts of the SQL query to the currentsliderid...
FineCMS 1.0 - Multiple Vulnerabilities
Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: sohaip-hackerDZ Author Web:...
FineCMS 1.0 - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...
WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting
Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The payloa...
FineCMS multi vulnerablity
Reflected XSS in getimage.php Technical Description: file /application/lib/ajax/getimage.php the $POST'id' and $POST'name' and $GET'folder' without any validated, sanitised or output encoded. Proof of ConceptPoC http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...
WordPress WP Statistics plugin <=12.0.7 - Authenticated SQL Injection vulnerability
WordPress WP Statistic plugin in version 12.0.7 and earlier versions vulnerable to Authenticated SQL Injection vulnerability due to lack of sanitization in user-provided data. In this case users even with subscriber rights could use this vulnerability to steal sensitive data. Solution The plugin...
Calendar by WD <= 1.5.51 - Authenticated SQL injection
http://www.defensecode.com/advisories/DC-2017-01-017WordPressSpiderEventCalendarPluginAdvisory.pdf PoC Vulnerable POST URL: http://www.vulnerablesite.com/wpadmin/admin.php?page=SpiderCalendar=showmanageeventid=1 Vulnerable POST Body: searcheventsbytitle=a=2011-11-11=2017-11-...
Single Personal Message 1.0.3 – Authenticated SQL Injection
Type user access: any user. $GET‘message’ is not escaped. Is accessible for every registered user. PoC http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox=view=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...
Single Personal Message 1.0.3 – Authenticated SQL Injection
Type user access: any user. $GET‘message’ is not escaped. Is accessible for every registered user. http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...
BigTree CMS 4.2.11 SQL Injection
ADVISORY INFORMATION ======================================== Title: BigTree CMS substr$page,1; else // It's an existing page $type = "EDIT"; $pending = false; $existingpage = BigTreeCMS::getPage$page; $existingpendingchange = sqlfetchsqlquery"SELECT id FROM bigtreependingchanges WHERE table =...
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications Affected Software: ManageEngine Applications Manager Build No: 12700 Vulnerability: Information Disclosure and Un-Authenticated SQL injection. CVSSv3: 9.3 Severity: Critical Release Date: 2016-05-05 I. Background ManageEngine Applications...
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
SPSA-2016-02/ManageEngine ApplicationsManager------------------------------ SECURITY ADVISORY: SPSA-2016-02/ManageEngine Applications Manager Build No: 12700 Affected Software: ManageEngine Applications Manager Build No: 12700 Vulnerability: Information Disclosure and Un-Authenticated SQL...