46 matches found
EUVD-2017-8931
Malware in sbrugna...
EUVD-2023-55576
Malicious code in bioql PyPI...
EUVD-2023-0750
Malicious code in bioql PyPI...
CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...
CVE-2023-50843
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications. This issue affects Clockwork SMS Notfications: from n/a through 3.0.4...
Clockwork Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Clockwork instance on the target application. No source data...
Clockwork Unrestricted Access
By default, Clockwork does not require authentication to access the dashboard. This allows an attacker to access sensitive data such as database queries and incoming requests. No source data...
CVE-2023-50843
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications. This issue affects Clockwork SMS Notfications: from n/a through 3.0.4...
CVE-2023-50843
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications. This issue affects Clockwork SMS Notfications: from n/a through 3.0.4...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications. This issue affects Clockwork SMS Notfications: from n/a through 3.0.4...
CVE-2023-50843
CVE-2023-50843 pertains to Clockwork SMS Notfications for WordPress. The vulnerability is an SQL Injection due to improper input handling in the plugin, affecting versions from n/a up to 3.0.4. The exploitation would be via an authenticated context (Authenticated(Administrator+) as indicated in r...
WordPress Plugin Clockwork SMS Notfications SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Clockwork SMS Notfications...
WordPress Clockwork SMS Notfications Plugin <= 3.0.4 is vulnerable to SQL Injection
Software: Clockwork SMS Notfications; Type: Plugin; Vulnerable versions: = 3.0.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-50843; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 56466c20b5e4; Credits: Mika; Required privilege: Administrator...
anchor-client (=0.26.0), basejmp (=0.1.0) +250 more potentially affected by unknown CVE via dlopen_derive (=0.1.4)
dlopen_derive CARGO version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on dlopen_derive and may be impacted: - anchor-client =0.26.0 - basejmp =0.1.0 - bonfida-test-utils =0.1.0 - bonfida-utils =0.2.3, =0.2.0, =1.0.4, =2.0.16, =1.4.2, =1.3.0,...
Cross-site Request Forgery (CSRF)
Overview: clockwork_web is a web interface for Clockwork. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the home_controller.rb class. Remediation: Upgrade clockwork_web to version 0.1.2 or higher. References - GitHub Commit - GitHub Issue...
GHSA-P4XX-W6FR-C4W9 Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Clockwork Web before 0.1.2, when used with Rails before 5.2, allows Cross-Site Request Forgery (CSRF). A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling...
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Clockwork Web before 0.1.2, when used with Rails before 5.2, allows Cross-Site Request Forgery (CSRF). A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling...
CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...
CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...
Cross site request forgery (csrf)
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...