Lucene search
K

9 matches found

cnvd
cnvd
added 2021/06/15 12:0 a.m.29 views

WordPress Xllentech English Islamic Calendar plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Xllentech English Islamic Calendar plugin prior to...

8.8CVSS9AI score0.01586EPSS
Exploits2References1
osv
osv
added 2021/06/14 2:15 p.m.5 views

CVE-2021-24341

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...

8.8CVSS7.3AI score0.01586EPSS
Exploits2References2
prion
prion
added 2021/06/14 2:15 p.m.16 views

Sql injection

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...

6.5CVSS8.9AI score0.01586EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2021/06/14 1:37 p.m.26 views

CVE-2021-24341 Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...

9.2AI score0.01586EPSS
Exploits2References2
cve
cve
added 2021/06/14 1:37 p.m.78 views

CVE-2021-24341

CVE-2021-24341 affects the WordPress Xllentech English Islamic Calendar plugin (before 2.6.8). The issue stems from unsanitised year_number and month_number POST parameters used directly in a SQL statement during the delete date operation, enabling SQL injection. Exploitation details are not prov...

8.8CVSS9AI score0.01586EPSS
Exploits2References2Affected Software1
cnnvd
cnnvd
added 2021/06/14 12:0 a.m.5 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Xllentech English Islamic Calendar plugin prior to...

8.8CVSS6.1AI score0.01586EPSS
Exploits2References2
patchstack
patchstack
added 2021/05/27 12:0 a.m.18 views

WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions = 2.6.7. Solution Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version at least 2.6.8...

8.8CVSS2.9AI score0.01586EPSS
Exploits2References3Affected Software1
wpvulndb
wpvulndb
added 2021/05/27 12:0 a.m.20 views

Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the plugin, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. PoC POST /wp-admin/options-general.php?page=xllentechoptionstab4 HTTP/1.1 Content-Length: 220 Cache-Control:...

8.8CVSS1.2AI score0.01586EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/05/27 12:0 a.m.142 views

Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the plugin, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. POST /wp-admin/options-general.php?page=xllentechoptionstab4 HTTP/1.1 Content-Length: 220 Cache-Control:...

8.8CVSS1.2AI score0.01586EPSS
Exploits2References1
Rows per page
Query Builder