85 matches found
Event Management System SQL注入漏洞
Event Management System is an event management system. A SQL injection vulnerability exists in Calendar Event Management System version 2.3.0, which can be exploited by an attacker to perform SQL injection via the start/end parameter...
PT-2023-16445 · Unknown · Calendar Event Management System
Name of the Vulnerable Software and Affected Versions: Calendar Event Management System version 2.3.0 Description: A critical issue was found in the system, affecting an unknown part. The manipulation of the start and end arguments leads to SQL injection. It is possible to initiate the attack...
PT-2023-10123 · Piwigo · Piwigo-Guest-Book
Name of the Vulnerable Software and Affected Versions: Piwigo-Guest-Book versions up to 1.3.0 Description: A critical issue affects the Navigation Bar component, specifically the include/guestbook.inc.php file. The manipulation of the start argument leads to sql injection. Recommendations: For...
Piwigo SQL注入漏洞
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. Piwigo Piwigo-Guest-Book version 1.3.0 and earlier versions suffer from a SQL injection vulnerability that stems from incorrect...
PT-2022-25984 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
PT-2022-12094 · Reolink · Reolink Rlc-410W
Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The rtmp=start...
UiPath Assistant 注入漏洞
UiPath Assistant is a specialized tool for UiPath designed to make it easy and fun for users to interact with bots from the desktop. UiPath Assistant 21.4.4 suffers from a security vulnerability that stems from user control data provided to the --process-start parameter of the uipath-assistant://...
CVE-2021-24498
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...
PT-2021-3991 · WordPress · Calendar Event Multi View
Name of the Vulnerable Software and Affected Versions: Calendar Event Multi View WordPress plugin versions prior to 1.4.01 Description: The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct cross-site scripting attacks. Specifically, the...
CVE-2021-24199
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'start' HTTP POST parameter. Th...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...
wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
The plugin allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtableid=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain...
USVN Operating System Command Injection Vulnerability
USVN is a Php-based software for configuring Subversion by the USVN team. A security vulnerability exists in versions prior to USVN 1.0.9 that allows remote code execution via shell metacharacters in the start-of-number or end-of-number parameter to lastthunderdredrequest aka...
PT-2020-14433 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ajax...
CVE-2019-13588
A cross-site scripting XSS vulnerability in getPagingStart in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter...
CVE-2018-3884
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...
CVE-2018-3884
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...
Sql injection
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...
CVE-2018-3884
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...
PT-2018-16277
Name of the Vulnerable Software and Affected Versions ERPNext version 10.1.6 Description An exploitable SQL injection issue exists in the authenticated part of the software. Specially crafted web requests can cause SQL injections, resulting in data compromise. The sort by and start parameters can...