3 matches found
CVE-2021-24399 The Sorter <= 1.0 - Authenticated SQL Injection
The checkorder function of The Sorter WordPress plugin through 1.0 uses an areaid parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection...
kitForm 0.43 SQL Injection
Happy Easter. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. target = "http://fbi.gov" 5. S...
WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection
source: https://www.securityfocus.com/bid/49893/info The WP Bannerize plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...