3 matches found
CVE-2026-3489
The CVE-2026-3489 entry concerns the DirectoryPress WordPress plugin (Business Directory and Classified Ad Listing) with vulnerable versions up to 3.6.26. The issue is an SQL Injection via the 'packages' parameter caused by insufficient escaping of user input and inadequate SQL query preparation,...
PT-2025-44617
Name of the Vulnerable Software and Affected Versions Stylemix MasterStudy LMS versions prior to 3.6.28 Description A flaw exists in Stylemix MasterStudy LMS that allows for Blind SQL Injection due to improper neutralization of special elements within SQL commands. This issue potentially allows...
PT-2021-6572 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 3.6.20 MongoDB Server versions prior to 4.0.21 MongoDB Server versions prior to 4.2.10 Description: The issue is related to a lack of output encoding or escaping in MongoDB, allowing a remote attacker to impac...