Lucene search
+L

122 matches found

Vulnrichment
Vulnrichment
added 2022/12/26 12:28 p.m.5 views

CVE-2022-4162 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information...

6.8AI score0.00854EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2022/12/26 12:27 p.m.8 views

CVE-2022-4161 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensiti...

6.8AI score0.00854EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.5 views

PT-2022-25998 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.9 views

PT-2022-26010 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...

6.5CVSS6.4AI score0.00854EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.5 views

PT-2022-26003 · WordPress · Contest Gallery Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...

6.5CVSS6.4AI score0.00854EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2022/05/03 1:11 a.m.557 views

Exploit for SQL Injection in Anuko Time_Tracker

PoC for CVE-2022-24707 SQL Injection Vulnerability on Puncher...

8.8CVSS9.1AI score0.07159EPSS
Exploits5
HackRead
HackRead
added 2021/05/06 6:20 p.m.46 views

ShinyHunters leak database of Indian wedding portal WedMeGood

By Waqas The leaked WedMeGood database contains 41.5 GB worth of data which is another massive data leak from ShinyHunters. ShinyHunters, the notorious hacker known for leaking databases of firms like Animal Jam, Mashable, Upstox, and 123RF, etc., is back with yet another high-profile data breach...

3.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/04/08 5:52 a.m.11 views

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believ...

5.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/01/26 5:24 p.m.99 views

Criminal, Domestic Violence Case Info Exposed in Cook County Leak

A non-password protected database, belonging to a county in Illinois, exposed 323,000 court records for at least four months, according to researchers. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases. Researchers from...

6.8AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2021/01/04 3:15 p.m.5 views

CVE-2020-36112

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application...

9.8CVSS5.8AI score0.17383EPSS
Exploits1References3
HackRead
HackRead
added 2020/11/25 5:37 a.m.44 views

Database leak exposed mass credential stuffing against Spotify users

By Deeba Ahmed Researchers helped Spotify detect and address a severe credential stuffing operation affecting hundreds of millions of its users. This is a post from HackRead.com Read the original post: Database leak exposed mass credential stuffing against Spotify users...

2.5AI score
Exploits0
Prion
Prion
added 2020/11/24 6:15 p.m.21 views

Sql injection

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database...

7.5CVSS9.7AI score0.01272EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2020/11/24 12:0 a.m.9 views

Luckypal Karenderia SQL Injection Vulnerability

Luckypal Karenderia is a restaurant ordering system by Luckypal Individual Developers. A SQL injection vulnerability exists in the Karenderia Multiple Restaurant System version 5.4.2 and earlier versions, which allows an unauthenticated attacker to perform a variety of tasks such as modifying and...

9.8CVSS7.4AI score0.01272EPSS
Exploits1References2
HackRead
HackRead
added 2020/11/05 12:45 a.m.37 views

ShinyHunters hacker leaks 5.22GB worth of Mashable.com database

By Waqas ShinyHunters leaked the database earlier today and revealed that it does not contain any password. This is a post from HackRead.com Read the original post: ShinyHunters hacker leaks 5.22GB worth of Mashable.com database...

2.1AI score
Exploits0
CNVD
CNVD
added 2020/09/26 12:0 a.m.2 views

SQL Injection Vulnerability in MileagePlus PHP Blog System

MileagePHP Blog System is an open source blog system based on ThinkPHP. MileagePHP Blog System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
NVD
NVD
added 2020/09/25 2:15 p.m.17 views

CVE-2020-25130

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...

6.5CVSS0.00998EPSS
Exploits1References1
OSV
OSV
added 2020/09/25 2:15 p.m.3 views

CVE-2020-25130

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...

6.5CVSS6.6AI score0.00998EPSS
Exploits1References1
Prion
Prion
added 2020/09/25 2:15 p.m.15 views

Sql injection

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...

4CVSS7AI score0.00998EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/09/25 1:45 p.m.77 views

CVE-2020-25130

Observium (Professional/Enterprise/Community) version 20.8.10631 is vulnerable to SQL Injection via the ajax/actions.php group_id field. The issue arises from how certain parameter types (notably an Array) bypass SQL sanitization, enabling authenticated users to inject SQL and potentially perform...

6.5CVSS7AI score0.00998EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/25 1:45 p.m.19 views

CVE-2020-25130

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL...

7AI score0.00998EPSS
Exploits1References1
Rows per page
Query Builder