201 matches found
WordPress plugin SP Project & Document Manager 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in...
CVE-2021-4225
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...
Design/Logic Flaw
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...
CVE-2021-4225
The CVE concerns the SP Project & Document Manager WordPress plugin (pre-4.24). The issue arises in the file-upload feature, where authentication is not restricted and users such as subscribers can upload files. The vendor’s extension-based checks are intended to block executable PHP or similar f...
WordPress plugin SP Project & Document Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress SP Project...
CVE-2021-38315
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...
CVE-2021-38315
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...
Cross site scripting
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...
CVE-2021-38315 SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25...
CVE-2021-38315
The CVE-2021-38315 entry concerns the SP Project & Document Manager WordPress plugin (versions
SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting
The plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the /functions.php file which allows attackers to inject arbitrary web scripts https://example.com/wp-admin/admin.php?page=sp-client-document-manager&from=" style=animation-name:rotation...
WordPress SP Project & Document Manager plugin <= 4.25 - Attribute-based Reflected Cross-Site Scripting (XSS) vulnerability
Attribute-based Reflected Cross-Site Scripting XSS vulnerability discovered by Thinkland Security Team in WordPress SP Project & Document Manager plugin versions = 4.25. Solution Update the WordPress SP Project & Document Manager plugin to the latest available version at least 4.26...
CVE-2020-23238
Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...
CVE-2020-23238
Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...
Cross site scripting
Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...
CVE-2020-23238
Cross Site Scripting XSS vulnerability in Evolution CMS 2.0.2 via the Document Manager feature...
CVE-2020-23238
CVE-2020-23238 affects Evolution CMS 2.0.2, with a Cross Site Scripting (XSS) vulnerability exposed via the Document Manager feature . The connected records corroborate the vulnerability across multiple sources, consistently describing an XSS issue in that version; no details on exploitation, aff...
Evolution CMS 跨站脚本漏洞
Evolution CMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in Evolution CMS version 2.0.2, which can be exploited by an attacker to cause a cross-site scripting vulnerability via the Document Manager feature...
Wordpress SP Project & Document Manager 4.21 Plugin - Remote Code Execution Exploit
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link: https://downloads.wordpress.org/plugin/sp-client-document-manager.4.21.zip Version:...
Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...