4 matches found
CVE-2021-25030
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL...
WordPress Plugin Events Made Easy SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Events Made Easy. The vulnerability stems from the program not properly filtering and...
SQL injection
SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the searchtext parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-2180
Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) adminusername parameter (aka the username field) to admin/index.php and the (2) searchtext and (3) searchcategory parameters to search.php. NOTE:...