757 matches found
CVE-2022-4855 SourceCodester Lead Management System login.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2022-4855
CVE-2022-4855 affects SourceCodester Lead Management System 1.0. The login.php username parameter is vulnerable to SQL injection, enabling remote exploitation. Multiple sources confirm the issue is due to lack of input validation in login.php, with public disclosure of the exploit. Impact is desc...
Lead management system SQL injection vulnerability
Lead management system is a lead management system developed by Mayuri K. The Lead Management System version 1.0 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the login.php parameter username, and can be exploited by attackers to The...
PT-2022-28140 · Sourcecodester · Sourcecodester Loan Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lead Management System version 1.0 Description: A critical issue was found in the SourceCodester Lead Management System. The manipulation of the username argument in the login.php file leads to sql injection. This issue can be...
CVE-2022-41978
Auth. subscriber+ Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress...
CVE-2022-41978
Auth. subscriber+ Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress...
Code injection
Auth. subscriber+ Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress...
CVE-2022-41978
The CVE-2022-41978 issue affects the WordPress Zoho CRM Lead Magnet plugin, specifically versions up to 1.7.5.8 (and referenced guidance up to 1.7.6.x). The root cause is insufficient authorization and CSRF protections in certain AJAX actions, allowing authenticated users (e.g., subscriber level)...
CVE-2022-41978 WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability
Auth. subscriber+ Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress...
WordPress Plugin Zoho CRM Lead Magnet permission and access control vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Zoho CRM Lead Magnet...
PT-2022-26197 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin versions <= 1.7.5.8 Description: The issue allows authenticated users with subscriber or higher privileges to update arbitrary options. Recommendations: For Zoho CRM Lead Magnet plugin versions <= 1.7.5.8, update to ...
Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF checks in some AJAX actions, and does not ensure that the option to be updated belongs to the plugin. As a result, any authenticated user, such as a subscriber, could update arbitrary blog options such as default_role and users_can_register. PoC v response.text...
Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF checks in some AJAX actions, and does not ensure that the option to be updated belongs to the plugin. As a result, any authenticated user, such as a subscriber, could update arbitrary blog options such as default_role and users_can_register. v response.text...
WordPress Zoho CRM Lead Magnet plugin <= 1.7.6.1 - Auth. Arbitrary Options Update vulnerability
Auth. Arbitrary Options Update vulnerability discovered by ptsfence Patchstack Alliance in WordPress Zoho CRM Lead Magnet plugin versions = 1.7.6.0. Solution Update the WordPress Zoho CRM Lead Magnet plugin to the latest available version at least 1.7.6.2...
PT-2022-22649 · 59Sec · 59Sec Lite
Name of the Vulnerable Software and Affected Versions: 59sec THE Leads Management System: 59sec LITE plugin version 3.4.1 and earlier Description: The issue allows for unauthenticated changes to plugin settings. Recommendations: For 59sec LITE plugin version 3.4.1 and earlier, update to a version...
U.S. Dept Of Defense: IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
Hi DoD & HackerOne Team, I hope you are doing well today. Explaining: I found that a user with a Member permission in an organization can create & view & delete APIKEYS. Steps to reproduce: 1 First create 2 accounts from here https://███ 2 Log in with the victim user and create new group from here...
lead-und-coach.de Cross Site Scripting vulnerability OBB-2726383
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-1776
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
Malicious code in here_lead_generation_v2 (npm)
Source: ghsa-malware ec03749315d8f69bb656557b7de12b552bef9f87fbffe2307897772c23a35b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3614 Malicious code in here_lead_generation_v2 (npm)
Source: ghsa-malware ec03749315d8f69bb656557b7de12b552bef9f87fbffe2307897772c23a35b34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...