CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4.3CVSS5.8AI score0.00204EPSS

Exploits1References1

NVD•added 2011/11/01 10:55 p.m.•8 views

CVE-2010-4978

Cross-site scripting XSS vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the imageid parameter...

4.3CVSS5.7AI score0.02917EPSS

Exploits1References4

NVD•added 2011/11/01 10:55 p.m.•9 views

CVE-2010-4979

SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the imageid parameter...

7.5CVSS8.4AI score0.00775EPSS

Exploits1References4

Prion•added 2011/11/01 10:55 p.m.•9 views

Sql injection

SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the imageid parameter...

7.5CVSS9AI score0.00775EPSS

Exploits1References4

ATTACKERKB•added 2011/11/01 10:55 p.m.•2 views

CVE-2010-4978

Cross-site scripting XSS vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the imageid parameter...

4.3CVSS5.7AI score0.02917EPSS

Exploits1References5

Prion•added 2008/07/30 5:41 p.m.•8 views

Sql injection

SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the imageid parameter...

7.5CVSS9.1AI score0.00414EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by