5 matches found
Database Peek <= 1.2 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the match parameter before outputting it back in an admin page, leading to Reflected Cross-Site Scripting. PoC: https://example.com/wp-admin/admin.php?page=ab-database-peek=wpusers="...
Square 9 GlobalForms SQL Injection Vulnerability
Square 9 GlobalForms is a web form management software from Square 9 Softworks. The software collects Web form data and automatically populates it with keywords. A SQL injection vulnerability exists in the 'match' parameter in Square 9 GlobalForms version 6.2.x. A remote attacker could use this...
CVE-2018-8820
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the...
CVE-2018-8820
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the...
CVE-2010-5016
SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter...