1666 matches found

CVE
added 2022/07/22 2:58 p.m. · 76 views

CVE-2022-2136

The CVE-2022-2136 issue concerns Advantech iView, where multiple SQL injection weaknesses exist due to insufficient input validation (for example, ipaddress in updatePROMFile and related parameters in exportTaskMgrReport/exportPSInventoryTable). The attached documents specify that these flaws ena...

8.8 CVSS · 6.8 AI score · 0.09002 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/06/06 8:51 a.m. · 77 views

CVE-2022-1688

The Note Press WordPress plugin (versions

4 CVSS · 3.5 AI score · 0.00764 EPSS
Exploits 2 · References 2 · Affected Software 1

0day.today
added 2022/05/24 12:0 a.m. · 306 views

Blockchain AltExchanger 1.2.1 SQL Injection Vulnerability

Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...

0.5 AI score
Exploits 0

WPVulnDB
added 2022/05/23 12:0 a.m. · 20 views

KiviCare < 2.3.9 - Unauthenticated SQLi

The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users PoC With at least one doctor created via the plugin: v 2.3.4 curl...

9.8 CVSS · 2.8 AI score · 0.11485 EPSS
Exploits 2 · Affected Software 1

NVD
added 2022/05/09 5:15 p.m. · 24 views

CVE-2022-0836

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...

9.8 CVSS · 0.01741 EPSS
Exploits 2 · References 1

Positive Technologies
added 2022/05/09 12:0 a.m. · 4 views

PT-2022-13460 · WordPress · Sema Api Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: SEMA API WordPress plugin versions prior to 4.02 Description: The issue arises from the SEMA API WordPress plugin's failure to properly sanitise and escape certain parameters before using them in SQL statements via an AJAX action. This leads ...

9.8 CVSS · 9.5 AI score · 0.01741 EPSS
Exploits 2 · References 5

ATTACKERKB
added 2022/05/02 4:15 p.m. · 5 views

CVE-2022-0771

The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions available to both unauthenticated and authenticated users, leading to Unauthenticated SQL Injections...

9.8 CVSS · 5.6 AI score · 0.01602 EPSS
Exploits 2 · References 2

Prion
added 2022/05/02 4:15 p.m. · 28 views

Sql injection

The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections...

7.5 CVSS · 9.6 AI score · 0.06849 EPSS
Exploits 2 · References 1 · Affected Software 1

Talos Blog
added 2022/03/01 6:42 a.m. · 13 views

Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted... This is only the...

1.4 AI score
Exploits 0

Packet Storm
added 2022/02/07 12:0 a.m. · 315 views

Hospital Management System 4.0 SQL Injection

Title: Hospital Management System v4.0 Multiple SQL-Injections Author: nu11secur1ty Date: 02.06.2022 Vendor: https://github.com/kishan0725 Software: https://github.com/kishan0725/Hospital-Management-System CVE-2022-24263 Description: The Hospital Management System v4.0 is suffering from Multiple...

9.8 CVSS · 0.1 AI score · 0.08244 EPSS
Exploits 4

OpenVAS
added 2022/01/28 12:0 a.m. · 29 views

Mageia: Security Advisory (MGASA-2014-0302)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 8.7 AI score · 0.04916 EPSS
Exploits 3 · References 4

OpenVAS
added 2022/01/28 12:0 a.m. · 15 views

Mageia: Security Advisory (MGASA-2015-0001)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 6.6 AI score · 0.02065 EPSS
Exploits 0 · References 5

OpenVAS
added 2022/01/28 12:0 a.m. · 26 views

Mageia: Security Advisory (MGASA-2020-0150)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8 CVSS · 6.6 AI score · 0.02694 EPSS
Exploits 0 · References 4

Prion
added 2022/01/11 12:15 p.m. · 23 views

Sql injection

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS is vulnerable to SQL injections...

6 CVSS · 8.8 AI score · 0.00816 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2021/12/21 9:15 a.m. · 20 views

CVE-2021-24849

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...

9.8 CVSS · 0.0848 EPSS
Exploits 2 · References 1

Packet Storm
added 2021/12/13 12:0 a.m. · 170 views

Simple Forum-Discussion System 1.0 SQL Injection

Simple Forum-Discussion System 1.0 Vendor Description: Multiple SQL-Injections are found on Simple Forum-Discussion System 1.0 For example on three applications which are managetopic.php, manageuser.php, and ajax.php. The attacker can be retrieving all information from the database of this system...

0.3 AI score
Exploits 0

NVD
added 2021/11/08 6:15 p.m. · 10 views

CVE-2021-24630

The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author...

8.8 CVSS · 0.01517 EPSS
Exploits 2 · References 2

OSV
added 2021/11/03 8:15 p.m. · 4 views

CVE-2021-41492

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System POS 1.0 via the (1) Product Code in the pos page in cashiering, (2) id parameter in manageproducts and the (3) t parameter in actions.php...

9.8 CVSS · 7.4 AI score · 0.01638 EPSS
Exploits 1 · References 3

Cvelist
added 2021/10/15 2:10 p.m. · 15 views

CVE-2021-41148 The update of the CI job targeted by a widget is vulnerable to blind SQL injections

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal...

8.8 CVSS · 9.2 AI score · 0.01478 EPSS
Exploits 0 · References 4

wpexploit
added 2021/10/07 12:0 a.m. · 183 views

Post Content XMLRPC <= 1.0 - Admin+ SQL Injections

The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections https://example.com/wp-admin/admin.php?page=pcxaddsites&mode=add&id=1%20AND%20SELECT%207953%20FROM%20SELECTSLEEP5AgUn...

7.2 CVSS · 1.4 AI score · 0.01497 EPSS
Exploits 2 · References 1