6 matches found
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV" 2. Intercept the...
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC: 1. From the "Easy Newsletter Signups", select an email address and then click "Export to CSV" 2. Intercept...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
SQL injection
Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...
PT-2021-23599 · Imagicle · Imagicle Application Suite
Name of the Vulnerable Software and Affected Versions: Imagicle Application Suite for Cisco UC versions prior to 2021.Summer.2 Description: The issue allows SQL injection, where a low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...