81 matches found
CyberPower < v2.8.3 - SQL Injection
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to . id: CVE-2024-32736 info: name: CyberPower PDNU" tags: cve,cve2024,cyberpower,sqli,vkev,vuln http: - method: GET path: - "BaseURL/api/v1/confup?mode=&uid=1'%20UNION%20select%201,2,3,4,sqliteversion;--"...
Dokan Pro <= 3.10.3 - SQL Injection
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...
Debian dla-4604 : roundcube - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4604 advisory. Debian LTS Advisory DLA-4604-1...
CVE-2022-0366
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1...
CVE-2025-7458
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a...
CVE-2025-54294 Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla
A SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...
CVE-2025-50127 Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla
A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...
CVE-2025-50127
CVE-2025-50127 concerns the DJ-Flyer Joomla extension (component DJ-Flyer 1.0–3.2). The issue is a SQL injection vulnerability that allows privileged users to execute arbitrary SQL commands. Root cause is improper input handling in the vulnerable component, enabling crafted queries to reach the d...
GHSA-9XVF-CJVF-FF5Q WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...
CVE-2023-40629
SQLi vulnerability in LMS Lite component for Joomla...
CVE-2023-4103 Multiple vulnerabilities in IDM Sistemas QSige
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
CVE-2022-30451
An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1...
Code injection
An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1...
CVE-2021-43735
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...
CVE-2021-36807
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8...
Code injection
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8...