CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
PT-2026-32089
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...
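A general-purpose education system: SQL injection
Brief description: An education system, so the impact is severe. Detailed description: 1. Introduction to the general-purpose program 1) Site platform type: JSP+Oracle 2) Vulnerability type: SQL injection 3) Injected parameter: blogId 4) Severity: high 8) Vendor involved: Shanghai Shirui Education Software Co., Ltd. (上海释锐教育软件有限公司) 9) Vendor website: http://threeoa.com/ 10) Source code analysis available: not yet 12) inurl:space?blogId= 13) Default configuration: yes 14) Enumerated cases [five cases listed, as required by WooYun]: http://www.threeoa.com/ (the vendor's official site, included as one case) http://www.hshsh.pudong-edu.sh.cn/...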
CVE-2008-5930
SQL injection vulnerability in admin/blogcomments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter...
PLog 1.0.6 - albumID SQL Injection
PLog 1.0.6 - albumID SQL Injection pLog albumId Remote SQL Inj. DreamTurk Down : http://sourceforge.net/project/showfiles.php?groupid=83964&packageid=86556 http://localhost/index.php?op=ViewAlbum&albumId=-1//union//select//0,1,user,password,4,5,6,7,8 from plogusers/&blogId=...
SQL injection Seir Anphin v666 Community Management System
CR Advisory1. Program: Seir Anphin v666 Community Management System. Bug: SQL injection. Home page: www.comeplaydying.com. Bug found: 27.07.2006. Discovered by: CR, www.svt.nukleon.us. Details: index.php...
PT-2006-2101 · Simplog · Simplog
Name of the Vulnerable Software and Affected Versions: Simplog versions 1.0.2 and earlier Description: A directory traversal issue exists, allowing remote attackers to include or read arbitrary .txt files. This is achieved via the act and blogid parameters in the index.php file. Recommendations:...
CVE-2005-1483
Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter...