PT-2024-33578 · WordPress · Duplicate Title Validate

Name of the Vulnerable Software and Affected Versions: Duplicate Title Validate versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, specifically an improper neutralization of special elements used in an SQL command. This allows for Blind SQL Injection,...

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

The LearnPress WordPress LMS Plugin up to version 4.2.7 is vulnerable to SQL injection via the 'conlyfields' and 'cfields' parameters. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information. Module Options msf use...

WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)

WP Fastest Cache, a WordPress plugin, prior to version 1.2.2, is vulnerable to an unauthenticated SQL injection vulnerability via the 'wordpressloggedin' cookie. This can be exploited via a blind SQL injection attack without requiring any authentication. Module Options msf use...

CVE-2024-47911

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands...

CVE-2024-47911

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands...

CVE-2024-47911

In SonarSource SonarQube 10.4–10.5 (before 10.6), a vulnerability exists in the authorizations/group-memberships API endpoint that allows users with the administrator role to inject blind SQL commands. The issue is triggered via the group-memberships authorization path, enabling SQL injection wit...

CVE-2024-47911

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands...

Blood Pressure Monitoring System 1.0 SQL Injection

============================================================================================================================================= | Title : Blood Pressure Monitoring System 1.0 Blind Sql Injection injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browse...

Cisco Identity Services Engine REST API Blind SQLi (cisco-sa-ise-rest-5bPKrNtZ)

According to its self-reported version, Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities is affected by a Blind SQL Injection SQLi vulnerability. - Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attack...

CVE-2024-7076

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection. This issue affects Semtek Sempos: through 31072024...

CVE-2024-6919

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024...

CVE-2024-6919

CVE-2024-6919 is a SQL injection vulnerability in NAC Premium (NACPremium) caused by improper neutralization of special elements, enabling blind SQL injection. Affected versions are through 01082024. Connected documents consistently reference this as a NACPremium issue with potential data exposur...

WordPress ChopSlider3 Id SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress ChopSlider3 id SQLi Scanner', 'Description' = %q The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind...

Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump', 'Description' = %q This module uses a blind SQL injection CVE-2020-572...

CVE-2024-20417

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these...

CVE-2023-3416

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

CVE-2023-3419

The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreatestripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2023-3419

CVE-2023-3419 concerns tagDiv Opt-In Builder (WordPress plugin) with a Blind SQL Injection in the couponId parameter of the recreate_stripe_subscription REST endpoint. Affected versions up to and including 1.4.4 allow an authenticated administrator to append SQL statements to existing queries, en...

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

x========================================================================================================================================x | Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software : Readymade Unilevel Ecommerce | Last Update : 15/03/24 TESTED VERSION...

Admidio has Blind SQL Injection in ecard_send.php

Description: An SQL Injection has been identified in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of ecardrecipients POST parameter is being directly concatenated with the SQ...