CVE-2023-2252
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...
Privilege escalation
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-4703 All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation...
CVE-2023-6991
The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...
CVE-2023-6552 Open redirect in TasmoAdmin
Lack of validation of the "current" GET parameter when changing the language leads to an open redirect vulnerability...
Improper Web Parameter Validation
httparty is vulnerable to External Control of Assumed-Immutable Web Parameter. The vulnerability is caused by the lack of escaping of the double-quote character (") in the Content-Disposition filename. This allows an attacker to modify the application data...
CVE-2023-49666 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmerdetails' parameter of the submitmateriallist.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49625 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylisteditsubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
VulnCheck KEV: CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
VulnCheck KEV: CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allowurlinclude is turned on...
PT-2023-31294 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTime parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are sen...
PT-2023-29414 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the "/update.php?q=addqns" resource does not validate the characters received and they are sent...
PT-2023-29417 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the fdid parameter of the "/update.php" resource does not validate the characters received, and they are...
PT-2023-29418 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the "/update.php?q=quiz" resource does not validate the characters received, and they are sent...
CVE-2023-25644
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of a Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack...
Input validation
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of a Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack...
PT-2023-20205 · Zte · Zte Mobile Internet Product
Name of the Vulnerable Software and Affected Versions: ZTE mobile internet products affected versions not specified Description: The issue is related to a denial of service vulnerability in ZTE mobile internet products. It is caused by insufficient validation of the Web interface parameter,...
SQL Injection Vulnerability in DAR-7000 of AUO Electronic Equipment (Shanghai) Co.
DAR-7000 is an Internet Behavior Audit Gateway from AUO Electronic Devices Shanghai Co. AUO DAR-7000 suffers from a SQL injection vulnerability, which stems from the file /user/inc/workidajax.php not validating the externally supplied id parameter before using it in SQL statements. The...
Mattermost Injection Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to validate the route parameter in //channels/. An attacker exploiting this vulnerability could access files and directorie...
CVE-2023-46755
Input parameters are not strictly verified. Successful exploitation of this vulnerability may cause the launcher to restart...