Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/06/15 12:0 p.m.31 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 5:9 p.m.9 views

EUVD-2026-31297

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References3
NVD
NVD
added 2026/03/23 7:16 p.m.19 views

CVE-2026-33723

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Subscribe::save method in objects/subscribe.php concatenates the $this-usersid property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from...

7.1CVSS0.00224EPSS
Exploits1References2
NVD
NVD
added 2026/01/28 6:16 p.m.4 views

CVE-2020-36972

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS0.00282EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/28 5:35 p.m.31 views

CVE-2020-36972 SmartBlog 2.0.1 - 'id_post' Blind SQL injection

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS0.00282EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 5:35 p.m.6 views

EUVD-2020-30879

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS5.9AI score0.00282EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:35 p.m.3 views

CVE-2020-36972

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS5.9AI score0.00282EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/28 5:35 p.m.5 views

CVE-2020-36972 SmartBlog 2.0.1 - 'id_post' Blind SQL injection

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8CVSS5.9AI score0.00282EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.4 views

PT-2026-5163

Name of the Vulnerable Software and Affected Versions SmartBlog version 2.0.1 Description The software contains a blind SQL injection issue in the id post parameter of the details controller. This allows attackers to extract database information by injecting crafted SQL queries that compare...

8.8CVSS5.6AI score0.00282EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

SmartBlog security vulnerabilities

SmartBlog is a blog module developed by Muhammad Arifur Rahman. Version 2.0.1 of SmartBlog has a security vulnerability, which stems from blind SQL injection in the details controller’s idpost parameter, potentially allowing access to database information...

8.8CVSS5.8AI score0.00282EPSS
Exploits1References3
NVD
NVD
added 2013/05/13 11:55 p.m.18 views

CVE-2013-3538

Multiple cross-site scripting XSS vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 idpost or 2 pg parameter...

4.3CVSS5.8AI score0.03247EPSS
Exploits1References4
Rows per page
Query Builder