291 matches found
Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
The Protect WP Admin WordPress plugin before version 4.0 disclosed the URL of the admin panel through the redirection of a crafted URL, bypassing the protection offered. id: CVE-2023-3139 info: name: Protect WP Admin 4.0 - Unauthenticated Protection Bypass author: popcorn94 severity: medium...
Peplink Balance Two before 8.4.0 - Unauthenticated Config Upload
A vulnerability in Peplink Balance Two prior to version 8.4.0 allows unauthenticated attackers to modify captive portal configurations due to a missing authorization check. Specifically, attackers can upload files via /guest/portaladminupload.cgi, with the changes reflected at...
Request-Baskets <= 1.2.1 - Server Side Request Forgery
Request-Baskets = 1.2.1 allows unauthenticated SSRF via the forwardurl parameter when creating a new basket. id: CVE-2023-27163 info: name: Request-Baskets = 1.2.1 - Server Side Request Forgery author: Jaenact severity: medium description: | Request-Baskets = 1.2.1 allows unauthenticated SSRF via...
FortiWLM - Directory Traversal
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. id: CVE-2023-34990 info: name: FortiWLM - Directory Traversal author: DhiyaneshDk severity: critical...
CrafterCMS Engine - Cross-Site Scripting
CrafterCMS Engine is vulnerable to reflected cross-site scripting XSS via the transformerName parameter in the /api/1/site/url/transform endpoint, allowing attackers to execute arbitrary JavaScript in the context of the user. id: CVE-2023-4136 info: name: CrafterCMS Engine - Cross-Site Scripting...
PrestaShop `tshirtecommerce` Module - SQL Injection
The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. id: CVE-2023-27637 info: name: PrestaShop tshirtecommerce Module - SQL...
WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
openSIS v9.0 - Path Traversal
A path traversal vulnerability exists in openSIS Classic Community Edition v9.0 via the 'filename' parameter in DownloadWindow.php. An unauthenticated remote attacker can exploit this to read arbitrary files on the server by manipulating file paths. id: CVE-2023-38879 info: name: openSIS v9.0 -...
WordPress Job Portal < 2.0.6 - SQL Injection
The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...
Prime Mover < 1.9.3 - Sensitive Data Exposure
Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and...
Microweber < 1.2.11 - CRLF Injection
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...
PHPJabbers Food Delivery Script - SQL Injection
PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...
PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. id: CVE-2023-40750 info: name: PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...
Chaosblade < 1.7.4 - Remote Code Execution
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...
Embedded JavaScript(EJS) 3.1.6 - Template Injection
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. id: CVE-2023-29827 info: name: Embedded JavaScriptEJS 3.1.6 - Template Injection author:...
Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code id: CVE-2023-6065 info: name: Quttera Web Malware Scanner = 3.4.1.48 - Sensitive Data Exposure...
QloApps 1.6.0 - SQL Injection
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters datefrom, dateto, and idproduct allows a remote attacker to retrieve the contents of an entire database. id: CVE-2023-36284 info: name: QloApps 1.6.0 - SQL Injection author: ritikchaddha severity: high...
MStore API < 3.9.8 - SQL Injection
The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the productid parameter. id: CVE-2023-3077 info: name: MStore API 3.9.8 - SQL Injection author: DhiyaneshDK severity: critical description: | The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind S...
DedeCMS 5.7.87 - Directory Traversal
Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter. id: CVE-2023-2059 info: name: DedeCMS 5.7.87 - Directory Traversal author: pussycat0x severity: medium description: | Directory traversal vulnerability in DedeCMS 5.7.87 allows readin...
Label Studio - Sensitive Information Exposure
An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...