
329 matches found

Vulnrichment
added 2023/09/28 9:32 p.m. · 9 views

CVE-2023-43739 Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi)

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 6.9 · EPSS 0.00805
Exploits 1 · References 2
NVD
added 2023/09/06 12:15 a.m. · 22 views

CVE-2023-4485

ARDEREG ​Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, th...

CVSS 9.8 · AI score 10 · EPSS 0.00576
Exploits 0 · References 1
Positive Technologies
added 2023/08/23 12:00 a.m. · 4 views

PT-2023-7493 · Asus · Asus Rt-Ax92U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX92U, affected versions not specified. Description: This issue allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. The flaw exists within the mod_webdav.so module, where the process do...

CVSS 9 · AI score 6.6 · EPSS 0.00553
Exploits 0 · References 7
Positive Technologies
added 2023/06/19 12:00 a.m. · 3 views

PT-2023-15409 · Unknown · Themefic Ultimate Addons For Contact Form 7

Name of the Vulnerable Software and Affected Versions: Themefic Ultimate Addons for Contact Form 7 plugin versions prior to 3.1.24. Description: The issue is an Unauthenticated SQL Injection (SQLi) vulnerability. This means that an attacker could potentially inject malicious SQL code into the...

CVSS 9.8 · AI score 9.7 · EPSS 0.00652
Exploits 0 · References 3
Positive Technologies
added 2023/05/29 12:00 a.m. · 3 views

PT-2023-12759 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752. Description: The issue is an unauthenticated SQL injection in the p parameter of the "process_login.php" login form. This allows for potential exploitation without the need fo...

CVSS 9.8 · AI score 7.6 · EPSS 0.26389
Exploits 4 · References 4
Packet Storm
added 2023/05/04 12:00 a.m. · 242 views

Companymaps 8.0 SQL Injection

Exploit Title: Unauthenticated SQL injection - Google Dork: - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description:...

AI score 6.9 · EPSS 0.10514
Exploits 5
wpexploit
added 2023/04/03 12:00 a.m. · 140 views

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Submit a message in the chatbox, intercept the request using Burp Suite for example. Edit the request to reflect this request:...

CVSS 9.8 · AI score 9.6 · EPSS 0.0499
Exploits 2
Wordfence Blog
added 2023/02/23 4:30 p.m. · 179 views

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

Wordfence has curated an industry-leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...

AI score 0.1 · EPSS 0.04427
Exploits 21
NVD
added 2023/02/01 2:15 a.m. · 21 views

CVE-2022-47770

Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection...

CVSS 9.8 · AI score 9.7 · EPSS 0.00968
Exploits 1 · References 2
CVE
added 2023/02/01 12:00 a.m. · 52 views

CVE-2022-47770

CVE-2022-47770 affects Serenissima Informatica Fast Checkin v1.0 and is due to an Unauthenticated SQL Injection vulnerability. The issue exposes high-severity impact across confidentiality, integrity, and availability (CVSS v3.1 base score 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Documented det...

CVSS 9.8 · AI score 9.5 · EPSS 0.00968
Exploits 1 · References 2 · Affected Software 1
VulnCheck KEV
added 2023/01/14 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2023-23488

The Paid Memberships Pro WordPress Plugin, version 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route...

CVSS 9.8 · AI score 7.4 · EPSS 0.9246
Exploits 6 · References 1
OSV
added 2023/01/02 10:15 p.m. · 4 views

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...

CVSS 9.8 · AI score 5.8 · EPSS 0.03595
Exploits 5 · References 2
Vulnrichment
added 2023/01/02 9:49 p.m. · 5 views

CVE-2022-4059 Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

AI score 7.5 · EPSS 0.04756
Exploits 1 · References 1
NVD
added 2022/12/26 1:15 p.m. · 27 views

CVE-2022-4117

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

CVSS 9.8 · EPSS 0.04955
Exploits 1 · References 1
Vulnrichment
added 2022/12/26 12:28 p.m. · 5 views

CVE-2022-4117 IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

AI score 7.7 · EPSS 0.04955
Exploits 1 · References 1
OSV
added 2022/12/05 11:15 a.m. · 1 view

CVE-2022-45822

Unauthenticated SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress...

CVSS 9.8 · AI score 5.8 · EPSS 0.00748
Exploits 0 · References 1
wpexploit
added 2022/12/05 12:00 a.m. · 104 views

Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection

The plugins do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. POST /wp-admin/admin-ajax.php HTTP/1.1 Host:...

CVSS 7.5 · AI score 0.6 · EPSS 0.0092
Exploits 2 · References 1
OpenVAS
added 2022/11/02 12:00 a.m. · 20 views

Eyes Of Network (EON) <= 5.3.11 Multiple Vulnerabilities

Eyes Of Network (EON) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 · AI score 8.7 · EPSS 0.00886
Exploits 2 · References 1
NVD
added 2022/09/20 11:15 a.m. · 19 views

CVE-2022-2177

Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2...

CVSS 9.8 · EPSS 0.0062
Exploits 0 · References 2
Patchstack
added 2022/07/11 12:00 a.m. · 27 views

WordPress Youzify plugin <= 1.1.9 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Youzify plugin versions <= 1.1.9. Solution: Update the WordPress Youzify plugin to the latest available version, at least 1.2.0...

CVSS 9.8 · AI score 3.2 · EPSS 0.04109
Exploits 1 · References 1 · Affected Software 1