75 matches found
Sql injection
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...
CVE-2021-24509 Page View Counts < 2.4.9 - Contributor+ Stored XSS
The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the...
WordPress 跨站脚本漏洞
WordPress is the WordPress Wordpress Foundation's set of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in the Page View Count plugin for WordPress prior to 2.4.9, which fails to escape the postid parameter of the pvcstats shortcode, allowing user...
Page View Counts < 2.4.9 - Contributor+ Stored XSS
The plugin does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege user...
WordPress wpDiscuz 7.0.4 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress wpDiscuz Unauthenticated File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPress...
Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit
No description provided by source. !-- Particle Blogger All Version Post.PHP PostID Remote SQL Injection Exploit Type : SQL Injection Release Date : 2007-03-16 Product / Vendor : Particle Soft http://blogger.particlesoft.net/ Bug : http://localhost/script/post.php?postid=-SQL Inj- Particle Blogge...
BBlog 0.7.4 PostID Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13398/info bBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...
XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
No description provided by source. html head titleXOOPS Module PopnupBlog = 2.52 postid BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module PopnupBlog = 2.52...
CVE-2012-5919
Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...
Sql injection
SQL injection vulnerability in havapost.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter...
CVE-2010-4876
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...
Sql injection
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...
CVE-2010-4876
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...
CVE-2009-3594
Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
CVE-2009-3594
Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
CVE-2008-5051
SQL injection vulnerability in the JooBlog comjb2 component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php...
Joomla! Component JooBlog 0.1.1 - PostID SQL Injection
Joomla! Component JooBlog 0.1.1 - PostID SQL Injection Joomla Component comjb2PostID SQL-injetion Vulnerability Author : boom3rang Kosova Hackers Group www.khg-crew.ws Greetz : H!tm@N, KHG, chs, redc00de, LiTTle-Hack3r, L1RIDON1. ! ModuleName: comjb2 ! ScriptName: Joomla ! GoogleDork:...
Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vulnerability
Exploit for unknown platform in category web applications =================================================================== Joomla Component JooBlog 0.1.1 PostID SQL Injection Vulnerability =================================================================== Joomla Component comjb2PostID...