12 matches found
EUVD-2021-11537
Malware in sbrugna...
WordPress SpiderCatalog plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress SpiderCatalog plugin 1.7.3 and earlier versions, which stems...
CVE-2021-24625
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
CVE-2021-24625
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
SQL injection
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
CVE-2021-24625 SpiderCatalog <= 1.7.3 - Admin+ SQL Injection
The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...
CVE-2021-24625
The CVE-2021-24625 entry concerns the WordPress plugin SpiderCatalog (versions ≤ 1.7.3). The vulnerability stems from the unsanitized 'parent' and 'ordering' parameters in admin actions, which are used directly in a SQL statement, enabling SQL injection when adding categories. Impact st...
WordPress SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress SpiderCatalog plugin 1.7.3 and earlier versions, which stems...
SpiderCatalog <= 1.7.3 - Admin+ SQL Injection
The plugin does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category. PoC: https://plugins.trac.wordpress.org/browser/catalog/trunk/Categories.phpL320 POST...
SpiderCatalog <= 1.7.3 - Admin+ SQL Injection
The plugin does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category. https://plugins.trac.wordpress.org/browser/catalog/trunk/Categories.phpL320 POST...
WordPress SpiderCatalog plugin <= 1.7.3 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress SpiderCatalog plugin versions <= 1.7.3. Solution: Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...
Joomla com_SpiderCatalog plugin 1.1 SQL injection vulnerability
No description provided by source...