Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/04/11 1:24 a.m.2 views

CVE-2026-5144 BuddyPress Groupblog <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...

8.8CVSS5.6AI score0.00406EPSS
Exploits0References8
OSV
OSV
added 2025/01/09 3:15 a.m.5 views

CVE-2024-13204

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blogid leads to sql injection. The attack can be launched remotely. The...

8CVSS5.7AI score0.0054EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.20 views

PT-2025-2062 · Unknown · Kurniaramadhan E-Commerce-Php

Name of the Vulnerable Software and Affected Versions: kurniaramadhan E-Commerce-PHP version 1.0 Description: A critical issue affects an unknown functionality of the file /blog-details.php. The manipulation of the blog id argument leads to SQL injection. The attack can be launched remotely. The...

8CVSS6.2AI score0.0054EPSS
Exploits1References8
wpexploit
wpexploit
added 2023/05/30 12:0 a.m.301 views

Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. curl --json ' "media": "tmpname": "/WPCONTENTPATH/wp-config.php",...

8.8CVSS9.6AI score0.04824EPSS
Exploits2References1
Prion
Prion
added 2022/04/15 8:15 p.m.11 views

Sql injection

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blogid parameter at /blog/blog.php...

7.5CVSS9.8AI score0.00954EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/01/29 5:29 a.m.4 views

CVE-2018-6363

SQL Injection exists in Task Rabbit Clone 1.0 via the singleblog.php id parameter...

9.8CVSS5.8AI score0.02998EPSS
Exploits1References2
exploitpack
exploitpack
added 2008/01/21 12:0 a.m.5500 views

BoastMachine 3.1 - mail.php id SQL Injection

BoastMachine 3.1 - mail.php id SQL Injection ...:::::boastMachine =3.1 SQL Injection Vulnerbility ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members &...

0.1AI score
Exploits0
Rows per page
Query Builder