PT-2025-1722 · WordPress · Cost Calculator Builder
Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder PRO plugin for WordPress versions up to, and including, 3.2.15 Description: The issue is related to blind time-based SQL Injection via the data parameter due to insufficient escaping on the user-supplied parameter and...
Maid Hiring Management System /admin/search-maid.php File SQL Injection Vulnerability
Maid Hiring Management System is a maid hiring management system. The Maid Hiring Management System suffers from a SQL injection vulnerability that originates from insufficient validation of the searchdata parameter in file /admin/search-maid.php. An attacker can use this vulnerability to send a...
Maid Hiring Management System search-booking-request.php file cross-site scripting vulnerability
Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability that stems from the lack of adequate validation and filtering of searchdata parameter inputs in the file /admin/search-booking-request.php. No details ...
Image Access Scan2Net Security Vulnerability
Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from improper cleaning of the HTTP GET parameter data, which allows an attacker to acce...
PT-2024-22288 · Unknown · Image Access Scan2Net
Name of the Vulnerable Software and Affected Versions: Image Access Scan2Net (affected versions not specified) Description: An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg events.php" script as the www-data...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CS-Cart Security Vulnerability
CS-Cart is an e-commerce platform from CS-Cart Inc. A security vulnerability exists in CS-Cart version 4.16.1. A remote attacker can exploit the vulnerability to obtain sensitive information via the productdata parameter in the PDF add-on...
PT-2024-12108 · Cs Cart Multivendor +1 · Pdf Add-On +1
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to obtain sensitive information via the product data parameter in the PDF Add-on. This is a Directory Traversal vulnerability, which can be exploited to access...
PT-2024-20859 · Unknown · 3Dsecure 2.0
Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method Description: The issue concerns multiple reflected Cross-Site Scripting XSS vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0. This vulnerability allows reflected XSS via the...
WordPress plugin LiquidPoll Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-38355 · Unknown · Itsourcecode Ticket Reservation System
Name of the Vulnerable Software and Affected Versions: itsourcecode Ticket Reservation System version 1.0 Description: A critical issue has been found in the itsourcecode Ticket Reservation System, affecting some unknown functionality of the file checkout ticket save.php. The manipulation of the...
PT-2024-37102 · WordPress · Timeline Event History Plugin
Name of the Vulnerable Software and Affected Versions: Timeline Event History plugin for WordPress versions up to, and including, 3.1 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input...
CVE-2024-39165
QR/demoapp/qrimage.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the...
Asial JpGraph Security Vulnerability
Asial JpGraph is an object-oriented PHP graph creation library from Asial. A security vulnerability exists in Asial JpGraph version 4.2.6-pro and prior versions. A remote attacker can use this vulnerability to execute arbitrary code via a PHP payload in the data parameter and a .php filename in the...
PT-2024-28374
Name of the Vulnerable Software and Affected Versions: Asial JpGraph Professional versions 4.2.6-pro and earlier Description: The issue allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This...
WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability
Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter vulnerability discovered by Khayal Farzaliyev shaman0x01 in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 1.5.109...
CVE-2024-4779
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to SQL Injection via the ‘datapostids0’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
PT-2024-26520 · WordPress · Penci Soledad Data Migrator
Name of the Vulnerable Software and Affected Versions: Penci Soledad Data Migrator plugin for WordPress versions up to, and including, 1.3.0 Description: The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion via the data parameter. This allows unauthenticated...
Cybrosys Techno Solutions Text Commander Security Vulnerability
Cybrosys Techno Solutions Text Commander is an application from Cybrosys Techno Solutions. A security vulnerability exists in Cybrosys Techno Solutions Text Commander versions 16.0 through 16.0.1. A remote attacker can exploit the vulnerability to gain privileges via the data parameter of...