9 matches found
CVE-2018-25434 WP AutoSuggest 0.24 SQL Injection via autosuggest.php
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...
PT-2026-45625
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...
CVE-2024-2341
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
WordPress Plugin Appointment Booking Calendar Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-19865 · WordPress · The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Name of the Vulnerable Software and Affected Versions: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress versions up to, and including, 1.6.7.7 Description: The issue is related to SQL Injection via the keys parameter due to insufficient escaping ...
Information Disclosure
github.com/etcd-io/etcd is vulnerable to Information Disclosure. The vulnerability exists in the LeaseTimeToLive function of v3server.go because it allows access to the key names (not the values) associated with a lease when the Keys parameter is true, even if the user doesn't have read permission to the...
GHSA-8J39-FGFP-VXH8 XXL-CONF Path Traversal vulnerability
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java...
SQL injection vulnerability in the searchKeys parameter of newspaper system advresult.jsp page at Beijing Zixin Newspaper Technology Development Co.
Zixin Newspaper Digital Newspaper System is a professional information-based multimedia publishing platform for internal journals, newspapers and magazines in different industries, such as newspapers, magazines, schools, groups of enterprises, governments and non-profit organizations. A SQL...
SQL injection vulnerability in the searchKeys parameter of the showresult.jsp page of the newspaper system of Beijing Zixin Newspaper Technology Development Co.
Zixin Newspaper Digital Newspaper System is a professional information-based multimedia publishing platform for internal journals, newspapers and magazines in different industries, such as newspapers, magazines, schools, groups of enterprises, governments and non-profit organizations. A SQL...