212 matches found

WPVulnDB (added 2021/01/29 12:00 a.m., 20 views)

Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection

The plugin did not sanitise the mecpostid POST parameter in the mecfesform AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue. If the Frontend Event Submission form is embedded in a public page, then it could lead to any authenticated user, like subscribers to...

EPSS 0.01505
Exploits: 2, Affected Software: 1
Patchstack (added 2020/09/29 12:00 a.m., 9 views)

WordPress Slider by 10Web plugin <= 1.2.35 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by Nguyen Anh Tien in WordPress Slider by 10Web plugin versions <= 1.2.35. Solution: Update the WordPress Slider by 10Web plugin to the latest available version, at least 1.2.36...

AI score 3.2
Exploits: 0, References: 1, Affected Software: 1
Patchstack (added 2020/08/31 12:00 a.m., 21 views)

WordPress Recall Products plugin <= 0.8 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found by ZERO APTITUDE in WordPress Recall Products plugin versions <= 0.8. Solution: 2020-09-16 - we were unable to find a patched version of this plugin. WordPress.org notification: "This plugin has been closed as of July 28, 2020 and is not availabl...

CVSS 8.8, AI score 3.4, EPSS 0.01928
Exploits: 2, References: 2, Affected Software: 1
wpexploit (added 2020/08/31 12:00 a.m., 33 views)

Recall Products <= 0.8 - Authenticated SQL Injection

The Manufacturer POST parameter is vulnerable to SQL injection when submitting a deletion request. The PoC will be displayed once the issue has been remediated...

CVSS 6.5, AI score 1.5, EPSS 0.01928
Exploits: 2, References: 1
Exploit DB (added 2020/07/15 12:00 a.m., 463 views)

Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection

Exploit Title: Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Date: 2020-06-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://joomsky.com/ Software Link: https://joomsky.com/products/js-jobs-pro.html Change Log Update :...

AI score 7.4
Exploits: 0
CVE (added 2020/02/18 5:22 p.m., 68 views)

CVE-2020-9269

SOPlanning 1.45 is vulnerable to authenticated SQL injection that leads to command execution via the users parameter of export_ical.php. The flaw enables an authenticated attacker to inject SQL through a parameter observed in export_ical.php, potentially causing code/command execution with high i...

CVSS 9, AI score 7.4, EPSS 0.02413
Exploits: 1, References: 1, Affected Software: 1
OSV (added 2019/12/19 1:15 a.m., 2 views)

CVE-2019-7484

Authenticated SQL Injection in SonicWall SMA100 allows a user to gain read-only access to unauthorized resources using the viewcacert CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier...

CVSS 6.5, AI score 6.8, EPSS 0.00845
Exploits: 0, References: 1
CVE (added 2019/10/21 10:14 p.m., 102 views)

CVE-2019-16404

OpenEMR is affected by a SQL Injection in interface/forms/eye_mag/js/eye_base.php (through OpenEMR 5.0.2 and earlier). The vulnerability arises from a non-parameterized INSERT INTO statement involving the providerID parameter, allowing an authenticated user to extract arbitrary data from the Open...

CVSS 8.8, AI score 8.9, EPSS 0.01075
Exploits: 1, References: 1, Affected Software: 1
WPVulnDB (added 2019/10/17 12:00 a.m., 18 views)

Sliced Invoices <= 3.8.2 - Multiple Vulnerabilities

- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII
- Authenticated SQL injection and information disclosure
- Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices.
- ...

CVSS 5, AI score 1, EPSS 0.01744
Exploits: 2, References: 2, Affected Software: 1
Veracode (added 2019/01/15 9:12 a.m., 25 views)

Authenticated SQL Injection

katello is vulnerable to authenticated SQL injection attacks. These attacks are possible because there is a flaw in the input sanitization for the scoped search parameters sortby and sortorder...

CVSS 8.8, AI score 7.1, EPSS 0.01835
Exploits: 0, References: 6, Affected Software: 1
WPVulnDB (added 2019/01/14 12:00 a.m., 12 views)

Companion Auto Update <= 3.3.5 - Authenticated SQL Injection

The Companion Auto Update WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

AI score 3.5
Exploits: 0, References: 1, Affected Software: 1
OSV (added 2018/05/23 4:29 p.m., 1 view)

CVE-2018-10351

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...

CVSS 8.8, AI score 6.1
Exploits: 0, References: 2
WPVulnDB (added 2018/01/10 12:00 a.m., 17 views)

Dbox 3D Slider Lite <= 1.2.2 - Multiple Authenticated SQL injection

During the security analysis, ThunderScan discovered SQL injection vulnerabilities in Dbox 3D Slider Lite WordPress plugin. The easiest way to reproduce the vulnerabilities is to modify the POST request for the slider rename or reorder and append parts of the SQL query to the currentsliderid...

CVSS 6.5, AI score 0.2, EPSS 0.01225
Exploits: 1, References: 2, Affected Software: 1
exploitpack (added 2017/08/29 12:00 a.m., 9 views)

FineCMS 1.0 - Multiple Vulnerabilities

FineCMS 1.0 - Multiple Vulnerabilities Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...

AI score 0.2
Exploits: 0
Exploit DB (added 2017/08/29 12:00 a.m., 22 views)

FineCMS 1.0 - Multiple Vulnerabilities

Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: sohaip-hackerDZ Author Web:...

AI score 7.4
Exploits: 0
wpexploit (added 2017/07/21 12:00 a.m., 18 views)

WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting

Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The payloa...

CVSS 6.5, AI score 0.1, EPSS 0.01576
Exploits: 3
seebug.org (added 2017/07/13 12:00 a.m., 19 views)

FineCMS multiple vulnerabilities

Reflected XSS in getimage.php. Technical Description: in the file /application/lib/ajax/getimage.php, the $_POST['id'], $_POST['name'] and $_GET['folder'] values are used without any validation, sanitisation or output encoding. Proof of Concept (PoC): http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...

AI score 7.4
Exploits: 0
Patchstack (added 2017/07/01 12:00 a.m., 5 views)

WordPress WP Statistics plugin <=12.0.7 - Authenticated SQL Injection vulnerability

WordPress WP Statistics plugin version 12.0.7 and earlier versions are vulnerable to an Authenticated SQL Injection due to lack of sanitization of user-provided data. In this case users even with subscriber rights could use this vulnerability to steal sensitive data. Solution: The plugin...

AI score 2.2
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB (added 2017/05/02 12:00 a.m., 10 views)

Calendar by WD <= 1.5.51 - Authenticated SQL injection

http://www.defensecode.com/advisories/DC-2017-01-017WordPressSpiderEventCalendarPluginAdvisory.pdf
PoC
Vulnerable POST URL: http://www.vulnerablesite.com/wpadmin/admin.php?page=SpiderCalendar=showmanageeventid=1
Vulnerable POST Body: searcheventsbytitle=a=2011-11-11=2017-11-...

AI score 7.2
Exploits: 0, References: 2, Affected Software: 1
wpexploit (added 2016/12/05 12:00 a.m., 12 views)

Single Personal Message 1.0.3 – Authenticated SQL Injection

Type of user access: any user. $_GET['message'] is not escaped and is accessible to every registered user. http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...

AI score 2.9
Exploits: 0, References: 2