122 matches found
CVE-2022-4162 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information...
CVE-2022-4161 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensiti...
PT-2022-25998 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
PT-2022-26010 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
PT-2022-26003 · WordPress · Contest Gallery Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
Exploit for SQL Injection in Anuko Time_Tracker
PoC for CVE-2022-24707 SQL Injection Vulnerability on Puncher...
ShinyHunters leak database of Indian wedding portal WedMeGood
By Waqas The leaked WedMeGood database contains 41.5 GB worth of data which is another massive data leak from ShinyHunters. ShinyHunters, the notorious hacker known for leaking databases of firms like Animal Jam, Mashable, Upstox, and 123RF, etc., is back with yet another high-profile data breach...
PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believ...
Criminal, Domestic Violence Case Info Exposed in Cook County Leak
A non-password protected database, belonging to a county in Illinois, exposed 323,000 court records for at least four months, according to researchers. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases. Researchers from...
CVE-2020-36112
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...
Database leak exposed mass credential stuffing against Spotify users
By Deeba Ahmed Researchers helped Spotify detect and address a severe credential stuffing operation affecting hundreds of millions of its users. This is a post from HackRead.com Read the original post: Database leak exposed mass credential stuffing against Spotify users...
Sql injection
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database...
Luckypal Karenderia SQL Injection Vulnerability
Luckypal Karenderia is a restaurant ordering system by Luckypal Individual Developers. A SQL injection vulnerability exists in the Karenderia Multiple Restaurant System version 5.4.2 and earlier versions, which allows an unauthenticated attacker to perform a variety of tasks such as modifying and...
ShinyHunters hacker leaks 5.22GB worth of Mashable.com database
By Waqas ShinyHunters leaked the database earlier today and revealed that it does not contain any password. This is a post from HackRead.com Read the original post: ShinyHunters hacker leaks 5.22GB worth of Mashable.com database...
SQL Injection Vulnerability in MileagePlus PHP Blog System
MileagePHP Blog System is an open source blog system based on ThinkPHP. MileagePHP Blog System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
CVE-2020-25130
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...
CVE-2020-25130
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...
Sql injection
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...
CVE-2020-25130
Observium (Professional/Enterprise/Community) version 20.8.10631 is vulnerable to SQL Injection via the ajax/actions.php group_id field. The issue arises from how certain parameter types (notably an Array) bypass SQL sanitization, enabling authenticated users to inject SQL and potentially perform...
CVE-2020-25130
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...