CVE-2024-24868 WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69...
CVE-2024-24868
CVE-2024-24868 affects the WordPress plugin SP Project & Document Manager (versions up to 4.69). It is a SQL Injection due to improper neutralization of input in the plugin, enabling unauthorized data access/injection via authenticated conduit. The issue is mitigated by upgrading to version 4.70,...
WordPress Plugin SP Project & Document Manager SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress SP Project & Document Manager Plugin <= 4.69 is vulnerable to SQL Injection
Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.69; Fixed in: 4.70; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-24868; Patch priority: Low; CVSS severity: Low 8.5; PSID: 55e058d86d8c; Credits: Yudistira Arya; Required privilege...
Oracle Primavera Unifier (January 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Platform Google Guava. Supported versions that...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67...
CVE-2023-36677
CVE-2023-36677 concerns the WordPress SP Project & Document Manager plugin. The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, affecting versions n/a through 4.67. The issue is categorized as high severity with potential impact to confid...
CVE-2023-36677 WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67...
CVE-2023-36677 WordPress SP Project & Document Manager plugin <= 4.67 - SQL Injection
A vulnerability in Smartypants SP Project & Document Manager (sp-client-document-manager). This issue affects SP Project & Document Manager: from n/a through <= 4.67...
WordPress Plugin SP Project & Document Manager SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
PT-2023-25674 · Unknown · Smartypants Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: Smartypants SP Project & Document Manager versions n/a through 4.67 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
CVE-2023-36530
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions...
Cross-site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions...
CVE-2023-36530
CVE-2023-36530 is a Stored XSS affecting the WordPress plugin SP Project & Document Manager (versions
CVE-2023-36530 WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions...
CVE-2023-3063
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-3063
CVE-2023-3063 affects SP Project & Document Manager (WordPress) up to version 4.67. Root cause: Insecure Direct Object References (IDOR) allowing authenticated users with subscriber privileges (or higher) to access objects and bypass authorization, enabling password changes and potential administ...
CVE-2023-3063 SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
PT-2023-22827 · WordPress · Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: SP Project & Document Manager plugin for WordPress versions up to, and including, 4.67 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to objects. This enables authenticated attacker...