7 matches found
CVE-2022-2151 Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting
The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2151
CVE-2022-2151 affects the WordPress plugin “Best Contact Management Software” up to version 3.7.3. The issue is a failure to sanitize/escape certain plugin settings, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admin) even when unfiltered_html is disallowed. The vulne...
Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "No Access Message" settings...
Sql injection
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6389
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6389
The CVE-2008-6389 entry concerns a SQL injection in Rae Media Contact Management Software (SOHO, Standard, Enterprise) via asadmin/default.asp, exploited through the Password parameter. Root cause: improper handling of input in the Password field leads to arbitrary SQL execution by remote attacke...
CVE-2008-6389
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...