NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection

The plugin does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection time wget 'https://example.com/?restroute=/notificationx/v1/analytics' --post-data="nxid=sleep2 -- x" -q -O-...

WordPress TI WooCommerce Wishlist plugin <= 1.40.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress TI WooCommerce Wishlist plugin versions = 1.40.0. Solution Update the WordPress TI WooCommerce Wishlist plugin to the latest available version at least 1.40.1...

TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection

The plugins do not sanitise and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks time wget...

WordPress Asgaros Forum plugin <= 1.15.20 - Blind SQL Injection (SQLi) vulnerability

Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Asgaros Forum plugin versions = 1.15.20. Solution Update the WordPress Asgaros Forum plugin to the latest available version at least 2.0.0...

Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection

The plugin does not sanitise and escape the postid parameter before using it in a SQL statement via a REST route of the plugin accessible to any authenticated user, leading to a SQL injection As any authenticated user, such as subscriber To get the nonce: /wp-admin/admin-ajax.php?action=rest-nonc...

CVE-2021-44249

Online Motorcycle Bike Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials...

WordPress 5.8.3 Security Release

On January 6, 2022, the WordPress core team released WordPress version 5.8.3, which contains security patches for 4 high-severity vulnerabilities. These patches were backported to every version of WordPress since 3.7. WordPress has supported automatic core updates for security releases since...

Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

The plugin does not escape the discountcode in one of its REST route available to unauthenticated users before using it in a SQL statement, leading to a SQL injection PoC https://example.com/?restroute=/pmpro/v1/checkoutlevelid=3code=%27%20%20union%20select%20sleep1%20--%20g...

Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

The plugin does not escape the discountcode in one of its REST route available to unauthenticated users before using it in a SQL statement, leading to a SQL injection https://example.com/?restroute=/pmpro/v1/checkoutlevel&levelid=3&discountcode=%27%20%20union%20select%20sleep1%20--%20g...

CVE-2021-3860

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVE-2021-3860

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

Sql injection

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVE-2021-3860

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVE-2021-3860

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

PT-2021-22238 · Jfrog · Jfrog Artifactory

Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.25.4 Description: The issue is related to Blind SQL Injection, which can be exploited by a low-privileged authenticated user due to incomplete validation when performing an SQL query. Recommendations: For...

CVE-2021-24946 Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

GHSA-6XXJ-GCJQ-WGF4 SQL injection in prestashop/prestashop

Impact Blind SQLi using Search filters with orderBy and sortOrder parameters Patches The problem is fixed in 1.7.8.2...

CVE-2021-40578

CVE-2021-40578 affects PayPal Free Source Code 1.0 Online Enrollment Management System. The vulnerability is an Authenticated Blind & Error-based SQL injection via the IDNO parameter, enabling an attacker with valid credentials to access sensitive data and execute arbitrary SQL commands. Document...

CVE-2021-43789

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...

Sql injection

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2...