CVE-2024-0786 Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...

Flashcard Quiz App 1.0 SQL Injection

Exploit Title: Flashcard Quiz App - SQL Injection Google Dork: N/A Application: Flashcard Quiz App Date: 25.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Simple Inventory Management System 1.0 SQL Injection

Exploit Title: Simple Inventory Management System - SQL Injection Google Dork: N/A Application: Simple Inventory Management System Date: 26.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

FAQ Management System 1.0 SQL Injection

Exploit Title: FAQ Management System - SQL Injection Google Dork: N/A Application: FAQ Management System Date: 25.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Sql injection

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

Malware Scanner < 4.7.3 - Admin+ SQLi

Description The plugin is vulnerable to SQL Injection via an unknown parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access and above, to appe...

CVE-2024-24811 Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

Sql injection

The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2024-0685

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVE-2024-0705 Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

Funnel Builder for WordPress by FunnelKit < 2.14.4 - Authenticated(Administrator+) SQL Injection

Description The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits plugin for WordPress is vulnerable to SQL Injection in all versions up to 2.14.4 exclusive due to insufficient escaping on the user supplied parameter and lack...

Sql injection

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed...

PT-2023-8526 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions affected versions not specified VR-S1000 firmware versions prior to 2.42 Description: The issue is related to a lack of protection in the SQL query structure in Cacti, and in VR-S1000 firmware, it allows an attacker with access...

GeoDirectory < 2.3.29 - Authenticated (Administrator+) SQL Injection via orderby

Description The GeoDirectory plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

PT-2023-8392 · Nginx-Ui · Nginx-Ui

Name of the Vulnerable Software and Affected Versions: Nginx-UI versions prior to 2.0.0.beta.9 Description: The issue is related to a lack of protection against SQL query structure exploitation in the Nginx UI server. This may allow a remote attacker to gain unauthorized access to protected...

CVE-2023-6418

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all th...

CVE-2023-6412

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...

CVE-2023-6411

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...

Sql injection

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all th...

Sql injection

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all th...