WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability

Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...

CVE-2024-53357

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote authenticated attackers, with low privileges, to 1 add an admin user via the /api/user/addalias route; 2 modifiy a user via the /api/user/updatealiasroute; 4 delete users via the /api/user/delali...

Centreon SQL注入漏洞

Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in versions of Centreon Web prior to 24.10.3, which originates from an...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.2.9. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the database to access sensitive information...

PT-2025-2042 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.12 Description: The issue is related to time-based SQL Injection via the Login Attempts module due to insufficient escaping on the user...

CVE-2024-35278

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special...

WordPress plugin WPLMS SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WPL...

InfotelGLPI tasklists SQL注入漏洞

InfotelGLPI tasklists is an InfotelGLPI plugin for use in GLPI, an open source helpdesk and asset tracking system that provides task management and Kanban functionality. An SQL injection vulnerability exists in InfotelGLPI tasklists versions prior to 2.0.4, which stems from the presence of a blin...

Code-Projects Simple Admin Panel 安全漏洞

Code-Projects Simple Admin Panel is a simple admin panel for Code-Projects open source. A security vulnerability exists in Code-Projects Simple Admin Panel version 1.0, which stems from a size parameter SQL injection vulnerability in the addCatController.php file...

1000 Projects Daily College Class Work Report Book 注入漏洞

1000 Projects Daily College Class Work Report Book is an open source college class work report book by 1000 Projects. An injection vulnerability exists in version 1.0 of 1000 Projects Daily College Class Work Report Book, which stems from the user parameter in the /login.php file that can cause S...

CodeAstro House Rental Management System 注入漏洞

CodeAstro House Rental Management System is a house rental management system from CodeAstro. An injection vulnerability exists in CodeAstro House Rental Management System version 1.0, which stems from an incorrect manipulation of the parameter u/p that can lead to SQL injection...

FreeBSD : kanboard -- Insufficient session invalidation (94b2d58a-c1e9-11ef-aa3f-dcfe074bd614)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 94b2d58a-c1e9-11ef-aa3f-dcfe074bd614 advisory. [email protected] reports: Kanboard is project management software that focuses on the...

PT-2024-17411 · WordPress · Advanced Floating Content

Name of the Vulnerable Software and Affected Versions: Advanced Floating Content plugin for WordPress versions up to, and including, 3.8.2 Description: The issue arises from insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query in the...

PT-2024-10193 · Amazon · Amazon Redshift Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Amazon Redshift JDBC Driver version 2.1.0.31 Description: A SQL injection issue in the Amazon Redshift JDBC Driver allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. This issue can be...

WordPress plugin LaunchPage.app Importer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVE-2024-11713

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportaldeactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...

CVE-2024-11713

CVE-2024-11713 affects WordPress plugin WP Job Portal (versions up to 2.2.2). It is an authenticated SQL Injection via wpjobportal_deactivate() with insufficient escaping and unsafe SQL construction, exploitable by Administrators or higher. Impact: potential exposure of DB content. Remediation: u...

UBUNTU-CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

djoser 安全漏洞

djoser is a REST implementation of the Django authentication system open-sourced by Sunscrapers. A security vulnerability exists in djoser versions prior to 2.3.0, which stems from the system directly querying the database to grant access to users with valid credentials, making it susceptible to ...