Lucene search

9 matches found

EUVD
added 2026/06/18 5:34 a.m. | 10 views

EUVD-2026-37844

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9 CVSS | 5.8 AI score | 0.00369 EPSS
Exploits: 0 | References: 14
CNNVD
added 2026/04/17 12:0 a.m. | 7 views

WordPress plugin Form Maker by 10Web security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.9 CVSS | 5.8 AI score | 0.00428 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/05 12:0 a.m. | 8 views

PT-2026-23132

Name of the Vulnerable Software and Affected Versions: Apocalypse Meow plugin for WordPress versions prior to 22.1.0. Description: The software is susceptible to SQL injection through the type parameter. A flawed logical operator in the type validation check allows attacker-controlled single quotes ...

4.9 CVSS | 5.8 AI score | 0.00454 EPSS
Exploits: 0 | References: 14
Cvelist
added 2017/11/15 4:0 p.m. | 25 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

8.7 AI score | 0.01672 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2017/11/15 4:0 p.m. | 31 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

8.8 CVSS | 8.8 AI score | 0.01672 EPSS
Exploits: 0
seebug.org
added 2015/09/18 12:0 a.m. | 151 views

CmsEasy 5.6 /celive/live/header.php SQL injection vulnerability

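The full details of this vulnerability are described in the Shu'an (书安) magazine. Link: https://www.secbook.net In the parseObjXml function, $rootTag is the first tag in the supplied XML; here it checks whether it is xjxobj or xjxquery. When $rootTag is xjxquery, the supplied parameter content is processed through parsestr: parsestr$sQuery, $aArray; Then, when getmagicquotesgpc == 1 == on, the supplied parameter values are unescaped: $newArray$sKey = stripslashes$sValue; and passed into the postdata function. function...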

7 AI score
Exploits: 0
seebug.org
added 2009/01/19 12:0 a.m. | 19 views

Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns

No description provided by source. START 0x01 Informations: Script : Gallery Kys 1.0 Download : http://www.advancescripts.com/djump.php?ID=6285 Vulnerability : Admin Password Disclosure / Permanent XSS Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org 0x02 Bug: Admin Passwor...

7.1 AI score
Exploits: 0
myhack58
added 2008/10/26 12:0 a.m. | 18 views

Weave a dream (Dedecms) arbitrary code execution vulnerability - vulnerability warning - the black bar safety net

Vulnerability page is \include\incbookfunctions.php The trigger page is member/storyaddcontentaction.php Next is open the following address: http://www.xxx.com/member/storyaddcontentaction.php?chapterid=1&arcID=1&body=?> Followed by the word code. When you see the successful message indicates...

0.1 AI score
Exploits: 0
exploitpack
added 2008/02/05 12:0 a.m. | 11 views

All Club CMS 0.0.2 - index.php SQL Injection

All Club CMS 0.0.2 - index.php SQL Injection. All Club CMS No go on the hack attempt."; // log attempt, from IP, etc. if $SYSSET'banattackip' // ban ip if banattackip die; $sth = $dbh-prepare"SELECT FROM accmsmodules WHERE...

0.3 AI score
Exploits: 0