
28 matches found

BDU FSTEC
added 2024/08/12 12:0 a.m. · 2 views

The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system is related to the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queri...

9.1 CVSS · 6 AI score
Exploits 0 · References 1 · Affected Software 2
CNNVD
added 2023/03/07 12:0 a.m. · 3 views

FunAdmin SQL injection vulnerability

FunAdmin is an open-source, lightweight, high-profile back-end development system built on ThinkPHP6 and Layui. FunAdmin version 3.2.0 has a security vulnerability that stems from the selectFields parameter in memberMemberLevel.php, which was found to contain SQL injecti...

9.8 CVSS · 8.5 AI score · 0.00741 EPSS
Exploits 1 · References 3
OSV
added 2022/12/26 1:15 p.m. · 3 views

CVE-2022-4158

The Contest Gallery WordPress plugin before 19.1.5.1 and the Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2022/12/26 12:0 a.m. · 2 views

PT-2022-25953 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1; Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1. Description: The issue arises from the failure to escape the cgFields POST parameter before it is concatenated to an...

7.5 CVSS · 7.4 AI score · 0.00882 EPSS
Exploits 2 · References 6
OSV
added 2021/11/29 9:15 a.m. · 1 view

CVE-2021-24755

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user...

8.8 CVSS · 7.3 AI score · 0.01318 EPSS
Exploits 2 · References 1
OSV
added 2021/02/15 9:15 p.m. · 1 view

CVE-2020-29139

A SQL injection vulnerability in interface/main/finder/patientselect.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter...

7.2 CVSS · 6.1 AI score · 0.01777 EPSS
Exploits 1 · References 4
CNVD
added 2016/10/18 12:0 a.m. · 2 views

SQL injection vulnerability in fields parameter under source/ajax.php file of doyocms system

The DOYO universal site-building system, developed with PHP and MySQL, is a free, open-source CMS and enterprise site-building system that can be widely used for personal, business, government, institutional and many other kinds of website construction. The doyocms system's source/ajax.php file und...

7.8 AI score
Exploits 0 · References 1
Prion
added 2016/01/08 9:59 p.m. · 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the formfields parameter in a (1) doedit or (2) doinsert action to wp-admin/admin-ajax.php...

4.3 CVSS · 6.2 AI score · 0.01155 EPSS
Exploits 1 · References 2 · Affected Software 1