6 matches found
HDW Player,4.0.0, RCE
HDW Player,4.0.0 and all other versions, remote code execution Note that this vulnerabilitiy was supposedly fixed by the developer in version 3.2.2, the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that th...
HDW Player, 3.2.1 and older
HDW Player, 3.2.1 and older including 3.1 and 3.0 Remote code execution Please see https://vel.joomla.org/vel-blog/2033-hdw-player-4-0-0-rce for further information...
HDW Player 2.4.2 - wp-admin/admin.php videos Page id Parameter SQL Injection
The HDW Player Plugin Video Player & Video Gallery WordPress plugin was affected by a wp-admin/admin.php videos Page id Parameter SQL Injection security vulnerability...
WordPress HDW Player Plugin - SQL Injection
This WordPress HDW Player plugin's "wp-admin/admin.php" is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
WordPress Plugin HDW Player - wp-adminadmin.php SQL Injection
WordPress Plugin HDW Player - wp-adminadmin.php SQL Injection source: https://www.securityfocus.com/bid/69105/info The WordPress HDW Player plugin Video Player & Video Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it i...
WordPress Plugin HDW Player - '/wp-admin/admin.php' SQL Injection
source: https://www.securityfocus.com/bid/69105/info The WordPress HDW Player plugin Video Player & Video Gallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromi...