CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress WPQAs plugin versions prior to 5.2 are vulnerable to an authorization issue that stems...

4.3CVSS2.2AI score0.00204EPSS

Exploits1References1

OSV•added 2022/05/16 3:15 p.m.•1 views

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4.3CVSS5.8AI score0.00204EPSS

Exploits1References1

seebug.org•added 2016/01/13 12:0 a.m.•30 views

Joomla 组件Gallery WD SQL注入漏洞

0x01 漏洞简介 Joomla 组件Gallery WD存在多处SQL注入漏洞。远程攻击者可以利用该漏洞执行任意SQL指令。该插件的下载地址是： http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-wd 0x02漏洞说明 2.1参数themeid存在GET型SQL注入漏洞该漏洞利用的POC格式如下： index.php?option=comgallerywd&view=gallerybox&imageid=19&galleryid=2&themeid=1 AND...

7.1AI score

Exploits0

NVD•added 2011/11/01 10:55 p.m.•8 views

CVE-2010-4978

Cross-site scripting XSS vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the imageid parameter...

4.3CVSS5.7AI score0.02917EPSS

Exploits1References4

NVD•added 2011/11/01 10:55 p.m.•9 views

CVE-2010-4979

SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the imageid parameter...

7.5CVSS8.4AI score0.00775EPSS

Exploits1References4

Prion•added 2011/11/01 10:55 p.m.•9 views

Sql injection

SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the imageid parameter...

7.5CVSS9AI score0.00775EPSS

Exploits1References4

ATTACKERKB•added 2011/11/01 10:55 p.m.•2 views

CVE-2010-4978

Cross-site scripting XSS vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the imageid parameter...

4.3CVSS5.7AI score0.02917EPSS

Exploits1References5

Prion•added 2008/07/30 5:41 p.m.•8 views

Sql injection

SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the imageid parameter...

7.5CVSS9.1AI score0.00414EPSS

Exploits1References4Affected Software1

Packet Storm•added 2008/07/26 12:0 a.m.•17 views

phptest-sql.txt

Name : phpTest 0.6.3 picture.php imageid Remote SQL Injection Vulnerability Author : cOndemned Dark-Coders Dork : sorry, today no dork ; Greetz : ZaBeaTy, str0ke, GregStar, Voo|doo, ixos, 0in, suN8Hclf, TBH, Avantura : Source code of "picture.php" : 24. ptregister'GET', 'imageid'; 25. 26. if...

7.4AI score

Exploits0

Prion•added 2007/03/20 10:19 p.m.•15 views

Sql injection

Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the 1 imageid or 2 catid parameter to a gallery.php; the 3 newsid parameter to b news.php or c print.php; 4 the newscatid parameter to news.php; the 5 catid, 6 topicid, or 7 postid...

7.5CVSS9.2AI score0.01899EPSS

Exploits0References11Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by