CVE-2025-8982

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument currcode leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2025-8982 itsourcecode Online Tour and Travel Management System currency.php sql injection

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument currcode leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2025-8982

The CVE affects itsourcecode Online Tour and Travel Management System 1.0, specifically the /admin/operations/currency.php file. The vulnerability arises from unsafely handling the curr_code parameter, enabling SQL injection. It is exploitable remotely, and public exploit disclosure exists. Multi...

CVE-2024-5793

The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currencycode’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-5793

CVE-2024-5793 affects the Houzez Theme - Functionality plugin for WordPress. It is an SQL Injection vulnerability via the currency_code parameter in all versions up to 3.2.2, caused by insufficient escaping and inadequate query preparation. The issue can be exploited by authenticated attackers wi...

PT-2024-37159 · WordPress · The Houzez Theme

Name of the Vulnerable Software and Affected Versions: The Houzez Theme - Functionality plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to SQL Injection via the currency code parameter due to insufficient escaping on the user-supplied parameter and lack...

PT-2023-33067 · Stripe +2 · Stripe +2

Name of the Vulnerable Software and Affected Versions: Vendure versions prior to 2.1.3 Description: The issue allows selecting any currency code, not limited to those assigned to the channel, and completing payments through Mollie and Stripe in that currency. This results in orders being settled ...

WordPress Stripe Payments 2.0.39 Cross Site Scripting

Exploit Title: WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settingscurrencycode' Stored XSS Date: 04-01-2021 Software Link: https://wordpress.org/plugins/stripe-payments/developers Exploit Author: Park Won Seok Contact: [email protected] Category: Webapps Version:...

Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 (KB 4459932)

Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 KB 4459932 Applies to: Microsoft .NET Framework 3.5 Notice This update is included in the Preview of Quality Rollup that's dated November 27, 2018. This update was previously released as part of the...

November 8, 2016 — KB3200970 (OS Build 14393.447)

November 8, 2016 — KB3200970 OS Build 14393.447 This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of multimedia audio, Remote Desktop, and Internet Explorer 11...