SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via improper escaping of query parameters in the metaColumns, metaForeignKeys, or metaIndexes methods when connecting to a sqlite3 database. An attacker can execute arbitrary SQL statements by supplying a crafted table nam...

The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...

CVE-2024-8870

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated...

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...

PT-2024-39213 · WordPress · Mailmunch

Name of the Vulnerable Software and Affected Versions: The MailMunch – Grow your Email List plugin for WordPress versions up to, and including, 3.1.8 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This...