233 matches found
CVE-2023-2237
The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the postid parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Sql injection
The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the postid parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-2237
CVE-2023-2237 affects the WordPress plugin WP Replicate Post (WordPress plugin). The vulnerability is an SQL Injection in the post_id parameter, present in versions up to and including 4.0.2, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Exploitation i...
WordPress Plugin WP Replicate Post SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP Replica...
WordPress WP Replicate Post Plugin <= 4.0.2 is vulnerable to SQL Injection
Software WP Replicate Post Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2237 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 93caeb59c55f Credits Marco Wotschka Required privilege Contributor...
idm:DL1 and idm:client security, bug fix, and enhancement update
bind-dyndb-ldap 11.3-1 - New upstream release - Resolves: rhbz1845211 ipa 4.8.7-12.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 4.8.7-12 - Require selinux sub package in the proper version Related: RHBZ1868432 - SELinux: do not double-define nodet and pkitomcatcertt...
GHSA-GCFC-MGG3-8J2C Malicious Package in sdfjghlkfjdshlkjdhsfg
All versions of sdfjghlkfjdshlkjdhsfg contain malicious code. The package is essentially a worm that fetches all packages owned by the user, adds a script to self-replicate as a preinstall script and publishes a new version. Recommendation Remove the package from your environment and ensure all...
Malicious Package in sdfjghlkfjdshlkjdhsfg
All versions of sdfjghlkfjdshlkjdhsfg contain malicious code. The package is essentially a worm that fetches all packages owned by the user, adds a script to self-replicate as a preinstall script and publishes a new version. Recommendation Remove the package from your environment and ensure all...
replicate-project.eu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-635244 Description| Value ---|--- Affected Website:| replicate-project.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Other Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
YouYaX最新版存储型XSS漏洞(demo复现)
简要描述: RT 详细说明: 在回复消息处 cookie也可以获取 漏洞证明: 在回复消息处 cookie也可以获取...
SAP SQL Anywhere .NET Data Provider Code Execution Vulnerabilities
This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere. The specific flaw exists within the handling of the REPLICATE function. If an application allows untrusted input to be used as the length of a REPLICATE functio...
SAP SQL Anywhere .NET Data Provider REPLICATE Function Heap Overflow Code Execution Vulnerability
This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere. The specific flaw exists within the handling of the REPLICATE function. If an application allows untrusted input to be used as the length of a REPLICATE functio...
Customized variables whose values are hidden passwords are unmasked revealing the password in the build summary
Step to replicate Create two variables passworder and Passworder notice p with caps Run a customize build overridden the contents of the field While the fields remains hidden in the metadata as expected, the variable with capital P has it values revealed in the build summary see screenshot...