48 matches found
REDCap < 9.1.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touch any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges t...
CVE-2018-19514
In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval...
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF...
Denial Of Service (DoS)
wger is vulnerable to denial-of-service DoS attacks. The vulnerability exists as there are no limit checks in the csv upload functionality and it is exploitable by importing large size csv...
WordPress ZX CSV Upload 1 Plugin - Authenticated SQL Injection
This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress ZX CSV Upload 1 Plugin - Authenticated SQL Injection
This plugin is prone to an SQL injection vulnerability. It allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Plugin Users Ultra 1.5.50 - Unrestricted Arbitrary File Upload
Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link:...
WordPress Plugin Pie Register Has Unspecified Vulnerability
WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL server set up a personal blog site . Pie Register is one of the plug-ins that support customizing the member registration landing page . A security...