CVE-2025-7402

CVE-2025-7402 concerns the Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager for WordPress. A time-based SQL Injection via the site_id parameter exists in all versions up to 4.95 due to insufficient escaping and lack of proper query preparation, enabling unauthenticated attackers to ap...

CVE-2025-7402 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.95 - Unauthenticated SQL Injection via site_id

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘siteid’ parameter in all versions up to, and including, 4.95 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

EUVD-2020-23359

Malware in sbrugna...

CVE-2023-39359

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the graphs.php file. When dealing wit...

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $siteid parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

CVE-2021-41836

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $siteid parameter found in the /fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The Fathom Analytics plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in the WordPress Fathom Analytics plugin, which originates in the...

DEBIAN-CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in datadebug.php allows remote authenticated attackers to execute arbitrary SQL commands via the siteid parameter. This can lead to remote code execution...

CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in datadebug.php allows remote authenticated attackers to execute arbitrary SQL commands via the siteid parameter. This can lead to remote code execution...

Sql injection

Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the 1 siteid or 2 url parameter...

Directory traversal

Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. dot dot in the siteid parameter...

passwiki-lfi.txt

dork: "powered by PassWiki" example: http://w3.funsrv.com/konjo/passwiki/passwiki.php?siteid=../../../../../../../../../../../../../etc/passwd%00 http://inajob.no-ip.org/passwiki/passwiki.php?siteid=../../../../../../../../../../../../../etc/passwd%00 author:[email protected] http://rstzone.org...