Lucene search

16 matches found

CVE
added 2025/11/24 4:36 a.m., 13 views

CVE-2025-7402

CVE-2025-7402 concerns the Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager for WordPress. A time-based SQL Injection via the site_id parameter exists in all versions up to 4.95 due to insufficient escaping and lack of proper query preparation, enabling unauthenticated attackers to ap...

CVSS 7.5, AI score 6.4, EPSS 0.00093
Exploits: 0, References: 2

Vulnrichment
added 2025/11/24 4:36 a.m., 2 views

CVE-2025-7402 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVSS 7.5, AI score 6.4, EPSS 0.00093
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-23359

Malware in sbrugna...

CVSS 8.8, AI score 9.1, EPSS 0.01924
Exploits: 1, References: 10

Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-35701

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary...

CVSS 8.8, AI score 9.2, EPSS 0.01924
Exploits: 1, References: 2

CVE
added 2023/09/05 8:59 p.m., 135 views

CVE-2023-39359

CVE-2023-39359 affects the Cacti monitoring framework. An authenticated SQL injection exists in the graphs.php handler (ajax_hosts / ajax_hosts_noany) where a non-zero site_id is reflected in the WHERE clause, enabling privilege escalation and remote code execution per the cited description. The ...

CVSS 8.8, AI score 9.6, EPSS 0.05576
Exploits: 1, References: 5, Affected Software: 1

AlpineLinux
added 2023/09/05 8:59 p.m., 19 views

CVE-2023-39359

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the graphs.php file. When dealing wit...

CVSS 8.8, AI score 9.7, EPSS 0.05576
Exploits: 1, References: 5

NVD
added 2022/12/18 10:15 p.m., 8 views

CVE-2021-4253

A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The nam...

CVSS 6.1, EPSS 0.00211
Exploits: 0, References: 2

NVD
added 2021/12/14 4:15 p.m., 5 views

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVSS 4.8, EPSS 0.00445
Exploits: 0, References: 2

OSV
added 2021/12/14 4:15 p.m., 2 views

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVSS 4.8, AI score 5.8, EPSS 0.00445
Exploits: 0, References: 2

CNNVD
added 2021/12/14 12:0 a.m., 1 view

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The Fathom Analytics plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in the WordPress Fathom Analytics plugin, which originates in the...

CVSS 4.8, AI score 5.5, EPSS 0.00445
Exploits: 0, References: 3

OSV
added 2021/01/11 4:15 p.m., 2 views

DEBIAN-CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution...

CVSS 8.8, AI score 9.6, EPSS 0.01924
Exploits: 1, References: 1

Debian CVE
added 2021/01/11 3:57 p.m., 23 views

CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution...

CVSS 8.8, AI score 9, EPSS 0.01924
Exploits: 1

Prion
added 2014/08/06 6:55 p.m., 23 views

SQL injection

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter...

CVSS 7.5, AI score 8.8, EPSS 0.02058
Exploits: 6, References: 2, Affected Software: 1

Prion
added 2009/03/06 6:30 p.m., 19 views

Directory traversal

Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter...

CVSS 5, AI score 7, EPSS 0.03365
Exploits: 0, References: 5, Affected Software: 1

exploitpack
added 2008/05/31 12:0 a.m., 11 views

PassWiki 0.9.16 RC3 - site_id Local File Inclusion

PassWiki 0.9.16 RC3 - siteid Local File Inclusion dork: "powered by PassWiki" example: http://w3.funsrv.com/konjo/passwiki/passwiki.php?siteid=../../../../../../../../../../../../../etc/passwd%00...

AI score 0.5
Exploits: 0

Packet Storm
added 2008/05/31 12:0 a.m., 31 views

passwiki-lfi.txt

dork: "powered by PassWiki" example: http://w3.funsrv.com/konjo/passwiki/passwiki.php?siteid=../../../../../../../../../../../../../etc/passwd%00 http://inajob.no-ip.org/passwiki/passwiki.php?siteid=../../../../../../../../../../../../../etc/passwd%00 author:[email protected] http://rstzone.org...

AI score 7.4
Exploits: 0