32 matches found
CVE-2017-1002006
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002007
CVE-2017-1002007 affects the WordPress DTracker plugin v1.5. The issue is in dtracker/save_mail.php, which does not verify that the user is authorized before inserting new contacts into wp_contact. The root cause is missing authorization checks, allowing an unauthenticated attempt to inject data ...
CVE-2017-1002007
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savemail.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...
CVE-2017-1002004
The CVE-2017-1002004 entry concerns the WordPress DTracker plugin (v1.5) with an SQL injection in dtracker/download.php where user input is not sanitized for the id parameter before appending to SQL queries. Public sources in the Connected documents describe multiple unauthenticated blind SQL inj...
CVE-2017-1002006
Vulnerability in WordPress DTracker plugin v1.5 is caused by dtracker/save_contact.php failing to verify user authorization before inserting contacts into the wp_contact table. The issue enables unauthorized users to inject new contacts, potentially compromising site data. Connected sources corro...
CVE-2017-1002005
CVE-2017-1002005 affects the WordPress DTracker plugin (v1.5): the delete.php path uses user input for contact_id directly in an SQL query without sanitization, enabling SQL injection. Connected documents corroborate a SQL injection vulnerability in DTracker 1.5, with multiple sources flagging un...
WordPress DTracker plugin content injection vulnerability (CNVD-2017-03798)
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A content injection vulnerability exists in the WordPress DTracker plugin, which stems from the program failing ...
WordPress DTracker plugin content injection vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A content injection vulnerability exists in the WordPress DTracker plugin, which stems from the program failing ...
WordPress Plugin DTracker SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.DTracker is one of the plug-ins used to track site downloads. A SQL injection vulnerability exists in WordPress plugin...
WordPress plugin DTracker SQL injection vulnerability (CNVD-2017-03688)
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL.DTracker is one of the plugins used to track site downloads. A SQL injection vulnerability exists in...
Dtracker <= 1.5 - Unauthorised Contract Creation
Plugin is still affected and has been closed...
DTracker 1.5 - Multiple Unauthenticated Blind SQL Injections
The dtracker WordPress plugin was affected by a Multiple Unauthenticated Blind SQL Injections security vulnerability...