6 matches found
CVE-2019-25503 PHPads 2.0 SQL Injection via click.php3 bannerID
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...
CVE-2019-25503
CVE-2019-25503 affects PHPads 2.0. The vulnerability is an SQL injection in the bannerID parameter of click.php3, allowing unauthenticated attackers to craft values (e.g., SQL comments, extractvalue) to execute arbitrary queries and reveal data such as the current database name. The impact is hig...
CVE-2024-31010
SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php...
CVE-2023-1471
The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'bannerid' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2023-17009 · WordPress · Wp Popup Banners
Name of the Vulnerable Software and Affected Versions: WP Popup Banners plugin for WordPress versions up to, and including, 1.2.5 Description: The issue allows for SQL Injection via the banner id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04905)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. Revive Adserver has a cross-site scripting vulnerability. A remote attacker can exploit this vulnerability to...