7195 matches found
Membership Management System 1.0 SQL Injection
Title: Membership Management System - SQL injection - Application: Hospital Management System - Date: 01.03.2024 - Bugs: SQL injection - Exploit Author: SoSPiro - Vendor Homepage: https://codeastro.com/author/nbadmin/ - Software Link:...
CVE-2024-0658
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible f...
Cross site scripting
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible f...
WordPress Plugin Insert PHP Code Snippet Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Flashcard Quiz App v1.0 - (card) SQL Injection Vulnerability
Exploit Title: Flashcard Quiz App v1.0 - 'card' SQL Injection Application: Flashcard Quiz App Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/17160/flashcard-quiz-app-using-php-and-mysql-source-code.htm...
Flashcard Quiz App 1.0 SQL Injection
Exploit Title: Flashcard Quiz App - SQL Injection Google Dork: N/A Application: Flashcard Quiz App Date: 25.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
CVE-2024-25415
A remote code execution RCE vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...
CVE-2024-25415
A remote code execution RCE vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...
Remote code execution
A remote code execution RCE vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...
CVE-2024-25415
A remote code execution RCE vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...
CVE-2024-25415
A remote code execution RCE vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...
Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews
sadnews CuteNews 2.1.2 - CVE-2019-11447 Proof-Of-Concept POC...
Design/Logic Flaw
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP...
CVE-2023-6989
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP...
CVE-2024-0844
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute...
Design/Logic Flaw
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute...
PT-2024-15861 · WordPress · Popup More Popups
Name of the Vulnerable Software and Affected Versions: The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress version 2.1.6 Description: The issue allows authenticated attackers with administrator-level access and above to include and execute arbitrary files ending with...
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...
CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...