3 matches found
VulnCheck KEV: CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
PHP-Fusion 7.02.07 /administration/submissions.php SQL注入漏洞
/administration/submissions.phpif isset$GET'action' && $GET'action' == "2" && isset$GET't' && $GET't' == "n" if isset$POST'publish' && isset$GET'submitid' && isnum$GET'submitid' $result = dbquery"SELECT ts., tu.userid, tu.username FROM ".DBSUBMISSIONS." ts LEFT JOIN ".DBUSERS." tu ON...
Sql injection
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the 1 submitid parameter in a 2 action to files/administration/submissions.php or 2 status parameter to files/administration/members.php...