50 matches found
SQL injection
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...
SQL injection
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...
CVE-2021-4134
CVE-2021-4134 relates to the Fancy Product Designer WordPress plugin. The vulnerability is a SQL injection caused by insufficient escaping/parameterization of the ID parameter in the file ~/inc/api/class-view.php, affecting versions up to and including 4.7.4. The issue is exploitable by attackers...
WP Statistics < 13.1.6 - Unauthenticated Blind SQL Injection via current_page_type
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information...
CVE-2020-11496
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...
ezs (>=5.5.0 <=9.3.1), hoppel (=0.4.0) +3 more potentially affected by unknown CVE via notevil (>=0.8.1 <=1.3.1)
notevil NPM version =0.8.1, =5.5.0, =1.0.0, =0.1.0, =0.2.0 - piedpiper-middle-out =5.8.1 Source cves: unknown CVE Source advisory: OSV:GHSA-7R5F-7QR4-PF6Q...
HP Virtual Table Server Detection
An HP Virtual Table Server (VTS) is listening on the remote host. VTS offers an alternative to standard parameterization for load and performance testing, and it is a component of HP LoadRunner and HP Performance Center. (C) Tenable Network Security, Inc. include("compat.inc"); if (description...
逐浪CMS: two injections across two files, five pieces of problematic code, plus other injection bypass methods
Brief description: The vendor has clearly put serious effort into security; although much has been parameterized and data types are converted, omissions are inevitable, so please keep at it. Details: Injection point one: file User/UserZone/StructView.aspx, parameter: ID. Backend code snippet: None. Proof of vulnerability: Injection one, Injection two...
Joomla! 'jform' parameter HTML injection vulnerability
Bugtraq ID: 65932. Joomla! is a content management system that is quite well known abroad. Joomla! does not properly filter data in the 'jform' parameter, allowing remote attackers to construct a malicious URI and lure users into parsing it, which can be used to obtain sensitive cookies, hijack sessions, or perform malicious actions on the client. 0 Joomla! 3.2.2 No detailed solution is currently available: http://www.joomla.org ---request--- POST /k/cms/joomla/index.php/single-contact HTTP/1.1 Host: 10.149.14.62 ... Content-Length: 288...
Hastymail rs parameter command injection
Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, RFC-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading e-mail. Problem Hastymail2 fails to properly sanitize user-supplie...