Lucene search
K

85 matches found

CNNVD
CNNVD
added 2023/02/04 12:0 a.m.6 views

Event Management System SQL注入漏洞

Event Management System is an event management system. A SQL injection vulnerability exists in Calendar Event Management System version 2.3.0, which can be exploited by an attacker to perform SQL injection via the start/end parameter...

8.8CVSS7.2AI score0.00734EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/02/04 12:0 a.m.6 views

PT-2023-16445 · Unknown · Calendar Event Management System

Name of the Vulnerable Software and Affected Versions: Calendar Event Management System version 2.3.0 Description: A critical issue was found in the system, affecting an unknown part. The manipulation of the start and end arguments leads to SQL injection. It is possible to initiate the attack...

8.8CVSS7.1AI score0.00734EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.7 views

PT-2023-10123 · Piwigo · Piwigo-Guest-Book

Name of the Vulnerable Software and Affected Versions: Piwigo-Guest-Book versions up to 1.3.0 Description: A critical issue affects the Navigation Bar component, specifically the include/guestbook.inc.php file. The manipulation of the start argument leads to sql injection. Recommendations: For...

9.8CVSS6.2AI score0.00724EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/01/06 12:0 a.m.16 views

Piwigo SQL注入漏洞

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. Piwigo Piwigo-Guest-Book version 1.3.0 and earlier versions suffer from a SQL injection vulnerability that stems from incorrect...

9.8CVSS6.6AI score0.00724EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.3 views

PT-2022-25984 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...

6.5CVSS6.4AI score0.00854EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2022/01/28 12:0 a.m.5 views

PT-2022-12094 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The rtmp=start...

8.6CVSS7.8AI score0.01207EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.4 views

UiPath Assistant 注入漏洞

UiPath Assistant is a specialized tool for UiPath designed to make it easy and fun for users to interact with bots from the desktop. UiPath Assistant 21.4.4 suffers from a security vulnerability that stems from user control data provided to the --process-start parameter of the uipath-assistant://...

9.8CVSS8.4AI score0.01083EPSS
Exploits0References2
OSV
OSV
added 2021/08/02 11:15 a.m.4 views

CVE-2021-24498

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.03065EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2021/07/02 12:0 a.m.11 views

PT-2021-3991 · WordPress · Calendar Event Multi View

Name of the Vulnerable Software and Affected Versions: Calendar Event Multi View WordPress plugin versions prior to 1.4.01 Description: The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct cross-site scripting attacks. Specifically, the...

7CVSS6AI score0.03065EPSS
Exploits2References7
OSV
OSV
added 2021/04/12 2:15 p.m.5 views

CVE-2021-24199

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'start' HTTP POST parameter. Th...

6.5CVSS6.7AI score0.01341EPSS
Exploits0References3
Huntr
Huntr
added 2021/03/26 11:52 a.m.17 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...

2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.29 views

wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter

The plugin allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtableid=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain...

4CVSS2.5AI score0.01341EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.8 views

USVN Operating System Command Injection Vulnerability

USVN is a Php-based software for configuring Subversion by the USVN team. A security vulnerability exists in versions prior to USVN 1.0.9 that allows remote code execution via shell metacharacters in the start-of-number or end-of-number parameter to lastthunderdredrequest aka...

9.9CVSS6.4AI score0.04383EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/06/25 12:0 a.m.5 views

PT-2020-14433 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ajax...

10CVSS9.8AI score0.08411EPSS
Exploits0References3
OSV
OSV
added 2019/07/26 10:15 p.m.4 views

CVE-2019-13588

A cross-site scripting XSS vulnerability in getPagingStart in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter...

6.1CVSS6.4AI score0.0104EPSS
Exploits0References3
NVD
NVD
added 2018/09/12 2:29 p.m.21 views

CVE-2018-3884

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...

8.8CVSS6.6AI score0.00919EPSS
Exploits1References1
OSV
OSV
added 2018/09/12 2:29 p.m.4 views

CVE-2018-3884

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...

8.8CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2018/09/12 2:29 p.m.17 views

Sql injection

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...

6.5CVSS8.8AI score0.00919EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/12 2:0 p.m.25 views

CVE-2018-3884

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...

5.4CVSS8.9AI score0.00919EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/09/12 12:0 a.m.4 views

PT-2018-16277

Name of the Vulnerable Software and Affected Versions ERPNext version 10.1.6 Description An exploitable SQL injection issue exists in the authenticated part of the software. Specially crafted web requests can cause SQL injections, resulting in data compromise. The sort by and start parameters can...

8.8CVSS6.5AI score0.00919EPSS
Exploits1References4
Rows per page
Query Builder