Bugsink 路径遍历漏洞

Bugsink is a self-hosted bug tracking software from Bugsink open source. Bugsink suffers from a path traversal vulnerability that stems from improperly constructed paths due to unvalidated eventid inputs, which could lead to arbitrary file overwriting or creation. The following versions are...

CVE-2021-24943

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...