18 matches found
CVE-2024-10311
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edbaadminhandle' function. This makes it possible for authenticated attackers, with subscriber-level permissions...
WordPress Bravo Translate 1.2 SQL Injection
Exploit Title: WP Plugins Bravo Translate = 1.2 - SQL Injection Date: 09-12-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/bravo-translate/ Version: 1.2 Tested on: Windows, Linux CVE: CVE-2023-49161 Product Description This plugin allows you to translate your monolingual...
Themerig Find a Place CMS Directory SQL Injection Vulnerability
Themerig Find a Place CMS Directory is a content management system (CMS). A SQL injection vulnerability exists in Themerig Find a Place CMS Directory version 1.5, which stems from the lack of validation of externally entered SQL statements in database-based applications, and can be exploited by...
WordPress Perfect Survey Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Perfect Survey plugin has a SQL injection vulnerability in versions prior to 1.5.2, which stems from the lack of validation of externally entered SQL statements in database-based...
CuppaCMS SQL Injection Vulnerability (CNVD-2022-22322)
CuppaCMS is a content management system (CMS). A SQL injection vulnerability exists in CuppaCMS, which stems from the lack of validation of externally entered SQL statements in the database-based application. An attacker could exploit this vulnerability to execute illegal SQL commands...
Victor CMS users.php SQL Injection Vulnerability
Victor CMS is an open source content management system developed by Victor Alagwu, an individual developer in Nigeria. Victor CMS has a SQL injection vulnerability in v1.0, which stems from the lack of validation of externally entered SQL statements in database-based applications. An attacker could...
Victor CMS has an unspecified vulnerability
Victor CMS is an open source content management system developed by Victor Alagwu, an individual developer in Nigeria. A security vulnerability exists in Victor CMS, which stems from the lack of validation of externally entered SQL statements in the database-based application. An attacker could exploi...
mingSoft Mcms SQL Injection Vulnerability (CNVD-2022-09254)
MingSoft Mcms is a complete open source J2EE system from the Chinese company MingFei MingSoft. A security vulnerability exists in MingSoft Mcms that stems from a database-based application that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...
mingSoft MCMS SQL Injection Vulnerability (CNVD-2022-09255)
MingSoft Mcms is a complete open source J2EE system from the Chinese company Ming Fei MingSoft. mingSoft MCMS suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
JeecgBoot SQL Injection Vulnerability
JeecgBoot is a Java low-code platform for enterprise Web applications in China. A SQL injection vulnerability exists in JeecgBoot version 3.0, which stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
Nextcloud Android app SQL injection vulnerability (CNVD-2022-18415)
Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. Nextcloud Android app is vulnerable to SQL injection, a vulnerability that stems from the lack of validation of externally entered SQL statements in database-based applications. An...
Amios Emuse-eServices/eNvoice SQL Injection Vulnerability
Amios Emuse-eServices/eNvoice is an electronic invoicing service from the Israeli company Amios. It is a digital interface that simplifies the collection process and automatically sends invoices to customers via email. Amios Emuse-eServices/eNvoice suffers from a SQL injection vulnerability, which...
WordPress Plugin SQL Injection Vulnerability (CNVD-2021-101156)
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. WordPress Affiliates Manager is vulnerable to a SQ...
Open-School SQL Injection Vulnerability
Open-School is a Web-based school management software. The software provides online fee collection, attendance and online library features. A SQL injection vulnerability exists in Open-School version 2.3 Community Edition and version 3.0, which stems from a lack of validation of externally entere...
CVE-2007-6430
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations "realtime" and host-based authentication, does not check the IP address when the username is correct and there is no...
Authentication flaw
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations "realtime" and host-based authentication, does not check the IP address when the username is correct and there is no...
CVE-2007-6430
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations "realtime" and host-based authentication, does not check the IP address when the username is correct and there is no...
HSRS 1.0 (addcode.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. HSRS 1.0 addcode.php Remote File Include Vulnerability. Viva Palestine...