11 matches found
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
WordPress plugin String locator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15161 · WordPress · String Locator Plugin
Name of the Vulnerable Software and Affected Versions: String locator plugin for WordPress versions up to, and including, 2.6.5 Description: The issue is related to Reflected Cross-Site Scripting via the sql-column parameter due to insufficient input sanitization and output escaping. This allows...
Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access
source: https://www.securityfocus.com/bid/31408/info Vikingboard is prone to an unauthorized-access vulnerability. Successfully exploiting this issue can allow attackers to register and log in as existing users. Vikingboard 0.2 Beta is vulnerable; other versions may also be affected. The followin...
CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's...
CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's...
About MySQL SQL Column Truncation Vulnerabilities - vulnerability warning - the black bar safety net
By: thorn. Stefan Esser wrote a great article today that mentions two defects in MySQL: 1. maxpacketsize problems 2. SQL Column Truncation attack. I tested the second one. According to the description in the paper, when the MySQL sql_mode is set to default, i.e. STRICT_ALL_TABLES is not turned on...
WordPress 2.6.1 - SQL Column Truncation
WordPress 2.6.1 - SQL Column Truncation WordPress 2.6.1 SQL Column Truncation Vulnerability PoC found by irk4zatyahoo.pl homepage: http://irk4z.wordpress.com/ this is not critical vuln ; first, read this discovery: http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/...
Wordpress 2.6.1 SQL Column Truncation Vulnerability
Exploit for unknown platform in category web applications =================================================== Wordpress 2.6.1 SQL Column Truncation Vulnerability =================================================== WordPress 2.6.1 SQL Column Truncation Vulnerability PoC this is not critical vuln ;...