28 matches found
CVE-2019-25442
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...
CVE-2019-25442 Web Wiz Forums 12.01 SQL Injection via PF Parameter
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...
PT-2026-21432
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database informatio...
PT-2025-33710 · WordPress · Real Spaces - Wordpress Properties Directory Theme
Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.6 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the change role member parameter during...
CVE-2024-10528
CVE-2024-10528 (Ultimate Member) affects WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership. The root cause is a missing capability check in the image resize handlers (wp_ajax_um_resize_image() and ajax_resize_image()), which a...
WordPress Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss Plugin <= 1.4.10 is vulnerable to Cross Site Scripting (XSS)
Software: Member Profile Forms / Custom Registration / Post From Profile in BuddyPress / BuddyBoss; Type: Plugin; Vulnerable versions: <= 1.4.10; Fixed in: 1.4.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer Cla...
Malicious code in ent-member-profile-home (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 512394559edad846b54131928ac811c25de69d520115a38e7a916722535305de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-306 Malicious code in ent-member-profile-home (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 512394559edad846b54131928ac811c25de69d520115a38e7a916722535305de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description In the repo online rental property manager, I found a stored XSS which gets exploited on member profile view, which is led by group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1oQUZmQfFwaiRUkGYVkJoXxedeSENDbwQ/view?usp=sharing Steps to reproduce: 1...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description In the repo online invoicing system, I found a stored XSS which gets exploited on member profile view, which is led by group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1wUNY4BQyvI5RzutUn8T5KbTRMAIAZOlJ/view?usp=sharing Steps to reproduce: 1. Create a group...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description There is a stored XSS in member profile in the full name. 🕵️♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Log in to the member account. 3. Enter the s"' payload in the Full Name field. 4. Update the profile and you will see an alert. 💥 Impact Stored XSS...
CVE-2018-10313
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq10%5D parameter to the /index.php?m=member&f=index&v=profile&setiframe=1 URI...
PaulShop - SQL Injection Cross-Site Scripting
PaulShop - SQL Injection Cross-Site Scripting Exploit Title: PaulShop CMS - Sql Injection and stored XSS Date: 07/23/2017 Exploit Author: BTIS Team http://www.btis.vn Vendor Homepage: https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714 Version: 03/27/2017 Tested on:...
PHP168 homepage.php/admin/member-profile sensitive information disclosure
No description provided by source...
CVE-2014-9004
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a memberprofile action to index.php...
php168 /template/homepage/default/core/member/profile.html information disclosure vulnerability
No description provided by source...