9 matches found

RedhatCVE
added 2025/05/22 6:25 p.m. | 6 views

CVE-2021-25030

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL...

CVSS 8.8 | AI score 7.3 | EPSS 0.00955
Exploits: 2 | References: 1

CNVD
added 2022/01/05 12:0 a.m. | 20 views

WordPress Plugin Events Made Easy SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Events Made Easy. The vulnerability stems from the program not properly filtering and...

CVSS 8.8 | AI score 8.8 | EPSS 0.00955
Exploits: 2 | References: 1

Openbugbounty
added 2018/08/27 8:51 a.m. | 19 views

apons.eu XSS vulnerability

Open Bug Bounty ID: OBB-669839

Description | Value
---|---
Affected Website: | apons.eu
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2017/10/02 12:38 p.m. | 13 views

lismusica.pt XSS vulnerability

Open Bug Bounty ID: OBB-320210

Description | Value
---|---
Affected Website: | lismusica.pt
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.2
Exploits: 0

Prion
added 2009/06/17 5:30 p.m. | 9 views

SQL injection

SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the searchtext parameter. NOTE: some of these details are obtained from third party information...

CVSS 7.5 | AI score 9 | EPSS 0.00413
Exploits: 0 | References: 3

Prion
added 2008/05/13 10:20 p.m. | 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) searchtext and (2) searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...

CVSS 4.3 | AI score 6.1 | EPSS 0.04107
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2008/05/13 10:20 p.m. | 10 views

CVE-2008-2181

Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) searchtext and (2) searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...

CVSS 4.3 | AI score 5.8 | EPSS 0.04107
Exploits: 0 | References: 5

NVD
added 2008/05/13 10:20 p.m. | 9 views

CVE-2008-2180

Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) adminusername parameter (aka the username field) to admin/index.php and the (2) searchtext and (3) searchcategory parameters to search.php. NOTE:...

CVSS 6.8 | AI score 8.5 | EPSS 0.0055
Exploits: 0 | References: 5

Cvelist
added 2008/05/13 10:0 p.m. | 15 views

CVE-2008-2180

Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) adminusername parameter (aka the username field) to admin/index.php and the (2) searchtext and (3) searchcategory parameters to search.php. NOTE:...

AI score 8.5 | EPSS 0.0055
Exploits: 0 | References: 5