20 matches found

RedhatCVE
added 2026/01/22 5:34 p.m. · 3 views

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVSS 7.1 · AI score 5.8 · EPSS 0.00045
Exploits: 0 · References: 1

NVD
added 2026/01/21 6:16 p.m. · 6 views

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVSS 7.1 · EPSS 0.00045
Exploits: 0 · References: 5

OSV
added 2026/01/21 6:16 p.m. · 3 views

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVSS 7.1 · AI score 5.9
Exploits: 0 · References: 5

EUVD
added 2026/01/21 5:27 p.m. · 1 view

EUVD-2026-3613

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVSS 7.1 · AI score 5.8 · EPSS 0.00045
Exploits: 0 · References: 7

Vulnrichment
added 2026/01/21 5:27 p.m. · 1 view

CVE-2021-47872 SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVSS 7.1 · AI score 5.8 · EPSS 0.00045
Exploits: 0 · References: 5

ATTACKERKB
added 2026/01/21 5:27 p.m. · 2 views

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVSS 7.1 · AI score 5.8 · EPSS 0.00045
Exploits: 0 · References: 5 · Affected Software: 1

CVE
added 2026/01/21 5:27 p.m. · 9 views

CVE-2021-47872

CVE-2021-47872 affects SEO Panel versions prior to 4.9.0. The vulnerability is a blind SQL injection in archive.php exposed through the order_col parameter, allowing authenticated attackers to influence database queries and extract data. Exploitation guidance in the documentation references sqlma...

CVSS 7.1 · AI score 5.8 · EPSS 0.00045
Exploits: 0 · References: 5

OSV
added 2026/01/16 9:4 p.m. · 0 views

GHSA-38CW-85XC-XR9X Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

Summary: An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...

CVSS 6.8 · AI score 8.5
Exploits: 0 · References: 5

Snyk
added 2026/01/16 9:4 p.m. · 1 view

SQL Injection

Overview: @veramo/data-store is a Veramo data storage plugin based on TypeORM database drivers. Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute...

CVSS 8.2 · AI score 6.3
Exploits: 0 · References: 2

Snyk
added 2026/01/16 9:4 p.m. · 1 view

SQL Injection

Overview: @veramo/core-types provides Veramo Core Logic & Interfaces. Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute arbitrary SQL queries and access...

CVSS 8.2 · AI score 6.3
Exploits: 0 · References: 2

Github Security Blog
added 2026/01/16 9:4 p.m. · 6 views

Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

Summary: An SQL injection vulnerability exists in the @veramo/data-store package that allows any authenticated user to execute arbitrary SQL queries against the database. The vulnerability is caused by insufficient validation of the column parameter in the order array of query requests. Details...

AI score 8.6
Exploits: 0 · References: 5 · Affected Software: 1

RedhatCVE
added 2025/05/22 8:43 p.m. · 0 views

CVE-2021-39413

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) totime parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) socialmedia.php, and (j) reports.php; the (2) fromtime parameter...

CVSS 6.1 · AI score 6.4 · EPSS 0.0023
Exploits: 1 · References: 1

Prion
added 2021/11/05 4:15 p.m. · 15 views

Cross site scripting

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) totime parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) socialmedia.php, and (j) reports.php; the (2) fromtime parameter...

CVSS 4.3 · AI score 6.2 · EPSS 0.0023
Exploits: 1 · References: 1 · Affected Software: 1

WPVulnDB
added 2021/05/03 12:0 a.m. · 10 views

Activity Log < 2.7.0 - Authenticated SQL Injection

The plugin was vulnerable to SQL Injection in the order column of the past events table. PoC time curl 'http://www.example.com/wp-admin/admin.php?page=activitylogpage=histtime%20AND%20SLEEP%280%29' -H 'Cookie: ...'...

AI score 2.8
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2021/03/18 12:0 a.m. · 1 view

PT-2021-17861 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.8.0 Description: The issue concerns a time-based blind SQL injection vulnerability in the order col parameter of the archive.php file. This vulnerability allows an attacker to retrieve all databases. Recommendations: For S...

CVSS 7.2 · AI score 7.5 · EPSS 0.01005
Exploits: 4 · References: 9

CNNVD
added 2021/03/18 12:0 a.m. · 2 views

SEO Panel SQL Injection Vulnerability

SEO Panel is a free, open source SEO optimization software. A time-based blind SQL injection vulnerability exists in the ordercol parameter in archive.php in Seo Panel version 4.8.0. An attacker can exploit this vulnerability to retrieve all databases...

CVSS 7.2 · AI score 6 · EPSS 0.01005
Exploits: 4 · References: 6

CNVD
added 2019/11/08 12:0 a.m. · 1 view

Quest Software KACE Systems Management Appliance Server Center SQL Injection Vulnerability (CNVD-2020-20170)

Quest Software KACE Systems Management Appliance (SMA) is a systems management appliance from Quest Software, USA. It supports IT asset management, server management and monitoring, software license management, patch management, etc. Server Center is one of the help desk programs. Quest Software KA...

CVSS 9.8 · AI score 7.8 · EPSS 0.00331
Exploits: 0 · References: 1

OSV
added 2019/11/06 3:15 p.m. · 1 view

CVE-2019-12918

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is softwarelibrary.php and affected parameters are order0column and order0dir...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2

OSV
added 2019/11/06 3:15 p.m. · 0 views

CVE-2019-13076

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...

CVSS 8.8 · AI score 7.5 · EPSS 0.00285
Exploits: 0 · References: 2

ATTACKERKB
added 2019/11/06 3:15 p.m. · 1 view

CVE-2019-13076

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...

CVSS 8.8 · AI score 6.3 · EPSS 0.00285
Exploits: 0 · References: 4