59423 matches found
WordPress AcyMailing <7.5.0 - Open Redirect
WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. id: CVE-2021-24288...
Cuppa CMS v1.0 - SQL injection
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. id: CVE-2022-27985 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was discovered to contain a SQL injection...
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/tablemanager/ via the searchword parameter. id: CVE-2022-24264 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: high description: | Cuppa CMS v1.0 was discovered to contain...
WebTareas 2.4p5 - SQL Injection
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. id: CVE-2022-44291 info: name: WebTareas 2.4p5 - SQL Injection author: theamanrawat severity: critical description: | webTareas 2.4p5 was discovered to contain a SQL injection...
Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval
A directory traversal vulnerability in the SimpleDownload comsimpledownload component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2122 info: name: Joomla! Component simpledownload =0.9.5 -...
Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion
Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the downloadfile parameter. id: CVE-2018-6008 info: name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to...
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. id: CVE-2018-6605 info: name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection author: DhiyaneshDk severity...
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...
Joomla! Component com_blog - Directory Traversal
A directory traversal vulnerability in index.php in the MyBlog commyblog component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the task parameter. id: CVE-2010-1540 info: name: Joomla! Component comblog - Directory Traversal author: daffainfo severity:...
Apache Airflow <1.10.14 - Authentication Bypass
Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session. id: CVE-2020-17526 info: name: Apache Airflow 1.10.14 -...
Joomla! RSfiles <=1.0.2 - Local File Inclusion
Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component comrsfiles. This could allow remote attackers to arbitrarily read files via a .. dot dot in the path parameter in a files.display action. id: CVE-2007-4504 info: name: Joomla! RSfiles...
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menufilter=3 parameter. id: CVE-2022-24265 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: high description: | Cuppa CMS v1.0 was...
Balbooa Forms < 2.4.1 - Unauthenticated Arbitrary File Upload
Joomla Balbooa Forms contains an unrestricted file upload vulnerability caused by lack of authentication checks, letting unauthenticated attackers upload executable files and achieve remote code execution. id: CVE-2026-56291 info: name: Balbooa Forms 2.4.1 - Unauthenticated Arbitrary File Upload...
Cuppa CMS v1.0 - Authenticated Local File Inclusion
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...
Cuppa CMS v1.0 - Cross Site Scripting
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. id: CVE-2022-38295...
Cuppa CMS v1.0 - SQL injection
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php. id: CVE-2022-27984 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was...
WebTareas 2.4p5 - SQL Injection
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. id: CVE-2022-44290 info: name: WebTareas 2.4p5 - SQL Injection author: theamanrawat severity: critical description: | webTareas 2.4p5 was discovered to contain a SQL injection...
Simple Task Managing System v1.0 - SQL Injection
SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries. id:...
Seo By 10Web < 1.2.7 - Cross-Site Scripting
The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id:...
Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution
Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an unauthenticated XML entity injection attack that can lead to remote code execution. id: CVE-2022-28219 info: name: Zoho ManageEngine ADAudit Plus 7600 - XML Entity Injection/Remote Code Execution author: dwisiswant0 severity:...