1187 matches found

CNNVD
added 2023/01/23 12:0 a.m. · 1 view

WordPress plugin Top 10 cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS · 5.4 AI score · 0.00181 EPSS
Exploits 2 · References 2

CNNVD
added 2023/01/23 12:0 a.m. · 1 view

WordPress plugin Login Logout Menu cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS · 5.4 AI score · 0.00252 EPSS
Exploits 2 · References 2

CNNVD
added 2023/01/23 12:0 a.m. · 2 views

WordPress plugin Compact WP Audio Player cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Relevant is a relevant content display plugin used in it. WordPress plugin is an...

5.4 CVSS · 5.4 AI score · 0.00198 EPSS
Exploits 2 · References 2

GitHub Security Blog
added 2023/01/20 5:30 p.m. · 40 views

CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection

Impact: The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches: This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Workarounds: Using CakePHP's Pagination library will mitigate this issue, as will...

9.8 CVSS · 9.8 AI score · 0.0093 EPSS
Exploits 0 · References 5 · Affected Software 2

OSV
added 2023/01/17 9:15 p.m. · 0 views

UBUNTU-CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8 CVSS · 5.8 AI score · 0.0093 EPSS
Exploits 0 · References 5

Prion
added 2023/01/17 9:15 p.m. · 13 views

SQL injection

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

7.5 CVSS · 9.8 AI score · 0.0093 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/01/17 8:41 p.m. · 9 views

CVE-2023-22727 Database Query::offset() and limit() vulnerable to SQL injection in cakephp

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

9.8 CVSS · 10 AI score · 0.0093 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/01/04 12:0 a.m. · 2 views

PT-2023-14788 · Apache · Apache Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.1 and prior versions; Apache DolphinScheduler versions 3.1.0 and prior versions. Description: The issue is related to improper validation of script alert plugin parameters in Apache DolphinScheduler, which c...

9.8 CVSS · 8.2 AI score · 0.02223 EPSS
Exploits 0 · References 12

OSV
added 2023/01/03 3:15 a.m. · 1 view

CVE-2022-43437

The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL commands to access, modify or delete database...

8.8 CVSS · 6 AI score · 0.00838 EPSS
Exploits 0 · References 1

OSV
added 2022/12/30 12:30 p.m. · 2 views

GHSA-W9RV-XMF7-X3GH Apache Kylin vulnerable to Command injection by Diagnosis Controller

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP Request...

9.8 CVSS · 5.8 AI score · 0.09183 EPSS
Exploits 0 · References 6

GitHub Security Blog
added 2022/12/30 12:30 p.m. · 25 views

Apache Kylin vulnerable to Command injection by Diagnosis Controller

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP Request...

9.8 CVSS · 9.5 AI score · 0.09183 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2022/12/30 11:15 a.m. · 19 views

CVE-2022-44621

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP Request...

9.8 CVSS · 9.9 AI score
Exploits 0 · References 1

NVD
added 2022/12/30 11:15 a.m. · 15 views

CVE-2022-44621

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP Request...

9.8 CVSS · 0.09183 EPSS
Exploits 0 · References 1

Prion
added 2022/12/30 11:15 a.m. · 17 views

Command injection

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP Request...

7.5 CVSS · 9.8 AI score · 0.09183 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/12/30 10:31 a.m. · 95 views

CVE-2022-44621

CVE-2022-44621 relates to Apache Kylin and concerns the Diagnosis Controller. The underlying issue is missing parameter validation in the controller, enabling potential command injection through HTTP requests. Multiple sources describe this as a high-severity, remote-execution risk (CVSS v3.1 bas...

9.8 CVSS · 9.8 AI score · 0.09183 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/12/30 10:31 a.m. · 7 views

CVE-2022-44621 Apache Kylin: Command injection by Diagnosis Controller

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP Request...

7.4 AI score · 0.09183 EPSS
Exploits 0 · References 1

Cvelist
added 2022/12/30 10:31 a.m. · 20 views

CVE-2022-44621 Apache Kylin: Command injection by Diagnosis Controller

Diagnosis Controller misses parameter validation, so a user may be attacked by command injection via HTTP Request...

10 AI score · 0.09183 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2022/12/30 12:0 a.m. · 1 view

The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 allows a hacker to execute arbitrary commands.

The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the dir...

9.1 CVSS · 0.00686 EPSS
Exploits 2 · References 4 · Affected Software 1

Positive Technologies
added 2022/12/30 12:0 a.m. · 2 views

PT-2022-27265 · Unknown · Diagnosis Controller

Name of the Vulnerable Software and Affected Versions: Diagnosis Controller, affected versions not specified. Description: The issue concerns a lack of parameter validation in the Diagnosis Controller, which can be exploited through command injection via HTTP Request. This allows an attacker to...

9.8 CVSS · 9.5 AI score · 0.09183 EPSS
Exploits 0 · References 11

Positive Technologies
added 2022/12/21 12:0 a.m. · 2 views

PT-2022-27735 · Unknown · Sourcecodester Covid-19 Directory On Vaccination System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Covid-19 Directory on Vaccination System version 1.0. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. This vulnerability occurs because the program does not verify the txtvaccinationID parameter in...

6.1 CVSS · 5.8 AI score · 0.0034 EPSS
Exploits 1 · References 4