Lucene search
K

1666 matches found

wpexploit
wpexploit
added 2021/04/05 12:0 a.m.93 views

Simple Membership < 4.0.4 - Authenticated SQL Injections

The plugin did not properly sanitise user input before using it in SQL queries in the admin backend, leading to authenticated admin+ SQL injections GET /wp/wp-admin/admin.php?status=&membershiplevel=&s=hhhh%27%20OR%20SLEEP%281%29%20OR%20firstname%20LIKE%20%27%25i%0A&page=simplewpmembership HTTP/1...

1AI score
Exploits1References1
NVD
NVD
added 2021/03/18 3:15 p.m.21 views

CVE-2021-24143

Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...

8.8CVSS0.01255EPSS
Exploits1References1
NVD
NVD
added 2021/03/18 3:15 p.m.25 views

CVE-2021-24142

Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections...

7.2CVSS0.01238EPSS
Exploits1References1
OSV
OSV
added 2021/03/18 3:15 p.m.4 views

CVE-2021-24131

Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user admin+...

7.2CVSS7.1AI score0.01444EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/03/08 12:0 a.m.29 views

SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections

The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=selectwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=selectwpid=1 UNION...

1.7AI score
Exploits0References3Affected Software2
NVD
NVD
added 2021/03/02 7:15 p.m.26 views

CVE-2020-28657

In bPanel 2.0, the administrative ajax endpoints aka ajax/aj.php are accessible without authentication and allow SQL injections, which could lead to platform compromise...

9.8CVSS0.01668EPSS
Exploits0References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.143 views

Contact Form by Supsystic < 1.7.11 - Authenticated SQL Injections

The GET parameters sidx and sord were used in a SQL statement without being sanitised when searching for Forms in the dashboard, leading to an authenticated SQL Injection issues...

1.2AI score
Exploits0References1
wpexploit
wpexploit
added 2021/02/08 12:0 a.m.172 views

Pricing Table by Supsystic < 1.8.9 - Authenticated SQL Injections

The GET parameter sidx and sord are used in a SQL statement without being sanitised when searching for pricing tables in the dashboard, leading to an authenticated SQL Injection issues...

0.6AI score
Exploits0References1
Kitploit
Kitploit
added 2020/12/22 8:30 p.m.57 views

Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File

Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file. General info Grawler aims to automate the task of using google dorks with a web interface, the main idea is to provide a simple yet...

7.8AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/11/20 12:0 a.m.21 views

Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections

Multiple authenticated SQL injections in the Anti-Spam by CleanTalk plugin 5.148 exist, however, it requires high privilege user admin+. PoC Vulnerable functions: removeLogs and removeSpam at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php Sleep query: POST...

2.1AI score0.01444EPSS
Exploits2References1Affected Software1
Hacker One
Hacker One
added 2020/10/26 5:0 a.m.89 views

U.S. Dept Of Defense: [████] SQL Injections on Referer Header exploitable via Time-Based method

Summary: SQL Injections on Referer Header exploitable via Time-Based method Description: https://owasp.org/www-community/attacks/SQLInjection Impact https://owasp.org/www-community/attacks/SQLInjection Step-by-step Reproduction Instructions First, vulnerable points:...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2020/09/03 3:23 p.m.20 views

Mail.ru: Multiple SQL Injections and constrained LFI in esk-static.3igames.mail.ru

SQL Injections in esk-static.3igames.mail.ru due to unsafe usage of GET parameters...

3.4AI score
Exploits0
Gitee
Gitee
added 2020/09/01 9:22 a.m.6 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various scans on a target, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password...

7.6AI score
Exploits0
OSV
OSV
added 2020/04/29 10:15 p.m.13 views

CVE-2020-11942

An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections...

9.8CVSS7.5AI score
Exploits0References2
CVE
CVE
added 2020/04/29 9:16 p.m.46 views

CVE-2020-11942

Open-AudIT 3.2.2 contains SQL injection in device scripts via unsanitized parameters system.class and system.discovery_id, enabling an attacker to modify or execute arbitrary SQL statements (e.g., via crafted requests to /devices). PoC shows TRUE/FALSE payloads returning different response sizes,...

9.8CVSS9.7AI score0.01237EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/04/29 9:16 p.m.18 views

CVE-2020-11942

An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections...

9.8AI score0.01237EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2020/04/25 12:0 a.m.9 views

Duplicate Page and Post < 2.5.7 & WP Post Page Clone < 1.1 - SQL Injections due to Duplicated Snippets

SQL Injections in the Duplicate Post, WP Post Page Clone, Duplicate Page and Post plugins, due to using the snippet piece of code. The issue in the duplicate-post was already added, at https://wpvulndb.com/vulnerabilities/9251...

0.2AI score
Exploits0References1Affected Software2
Mageia
Mageia
added 2020/04/01 1:56 a.m.38 views

Updated phpmyadmin packages fix security vulnerability

Some SQL injections via table names and parameters were fixed...

8CVSS5AI score0.02694EPSS
Exploits0References2
CVE
CVE
added 2020/03/18 6:40 a.m.47 views

CVE-2020-3922

CVE-2020-3922 affects LisoMail by ArmorX. The vulnerability is an SQL injection via a URL parameter manipulation that allows attackers to access the database without authentication. According to the supplied data, CVSS vectors indicate a NETWORK attack with HIGH/CRITICAL impact (CVSS v3.1: 9.8; c...

9.8CVSS9.8AI score0.01467EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/02/18 7:15 p.m.5 views

CVE-2020-9265

phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmcusername...

8.2CVSS7.3AI score0.01457EPSS
Exploits1References1
Rows per page
Query Builder