6244 matches found
GHSA-VXMV-74RF-VQGP Moodle Portfolio forum caller class allows a user to download any file
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
GeniXCMS SQL injection vulnerability
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php...
CVE-2022-30378
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/viewpost&id=...
GHSA-96MH-7XPR-QCGW October CMS - RainLab Blog Plugin XSS
The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...
GHSA-R867-V437-4RRM Moodle Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...
EC-CUBE Easy Blog for EC-CUBE4 cross-site request forgery vulnerability
EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...
Simple Social Networking Site SQL injection vulnerability
Simple Social Networking Site is a social networking site. Simple Social Networking Site has a security vulnerability that can be exploited by attackers to conduct SQL injection attacks via /sns/admin/?page=posts/viewpost&id=...
CVE-2022-1239
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default, contributor and above) to perform SSRF attacks...
WordPress plugin HubSpot code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. Versions of the WordPress HubSpot plugin prior to 8.8.15 are vulnerable to server-side request...
Warning! Instagram Stories hides a scam in plain sight
When someone finds their social media account compromised, they first think about letting their followers know. And they do. They warn others against reading any strange posts, usually containing a rogue link, before they sort out the matter behind the scenes. Some curious followers who missed these...
CVE-2022-0363
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...
WordPress plugin myCred security vulnerability
WordPress is a blogging platform developed using the PHP language. myCred 2.4.4, a WordPress plugin, previously had an authorization issue vulnerability, which stems from the plugin's failure to perform any authorization and CSRF checks in the myCred tool's import and export AJAX operation...
Sourcecodester Baby Care System SQL injection vulnerability (CNVD-2022-35527)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in the find= parameter of...
CVE-2022-28424
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=...
CVE-2022-28423
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete...