
10 matches found

RedhatCVE
added 2026/01/09 10:44 a.m. | 7 views

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

CVSS 9.8 | AI score 7 | EPSS 0.61506
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 3:47 a.m. | 5 views

CVE-2023-3197

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 9.8 | AI score 7.5 | EPSS 0.29566
Exploits 0 | References 1

Prion
added 2023/12/22 5:15 p.m. | 14 views

Server side request forgery (ssrf)

Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The testDiscord request handler in medusa/server/web/home/handler.py does not validate the user-controlled discordwebhook variable and pass...

CVSS 5 | AI score 7.3 | EPSS 0.00455
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2023/12/22 4:55 p.m. | 4 views

CVE-2023-50258 Blind SSRF in `/home/testdiscord` endpoint

Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The testDiscord request handler in medusa/server/web/home/handler.py does not validate the user-controlled discordwebhook variable and pass...

CVSS 5.3 | AI score 5.5 | EPSS 0.00455
Exploits 1 | References 5

CVE
added 2022/12/14 8:33 a.m. | 624 views

CVE-2022-3590

Summary of CVE-2022-3590 (WordPress): WordPress versions affected by an unauthenticated blind SSRF in the pingback feature due to a TOCTOU race between validation and the HTTP request, enabling access to internal hosts explicitly forbidden. Documented impact includes unauthenticated blind SSRF p...

CVSS 5.9 | AI score 5.6 | EPSS 0.90255
Exploits 5 | References 2 | Affected Software 1

wpexploit
added 2021/04/26 12:0 a.m. | 121 views

Goto < 2.1 - Unauthenticated Blind SQL Injection

The theme did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue. sqlmap --url="https://example.com/tour-list/?keywords=13&startdate=13" --random-agent -dbs --level=3 --threads=4...

CVSS 9.8 | AI score 1.8 | EPSS 0.01021
Exploits 2 | References 1

Tenable Nessus
added 2019/07/03 12:0 a.m. | 40 views

Citrix SD-WAN Appliance < 10.2.3 Unauthenticated Blind SQL Injection

The remote Citrix SD-WAN Appliance is affected by an SQL injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting in the manipulation of arbitrary...

CVSS 9.8 | AI score 8.7 | EPSS 0.9152
Exploits 6 | References 3

Cvelist
added 2019/03/26 4:15 p.m. | 23 views

CVE-2019-9053

An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter...

AI score 8.4 | EPSS 0.92556
Exploits 36 | References 5

securityvulns
added 2015/07/14 12:0 a.m. | 60 views

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution CVEs: CVE-2015-1560, CVE-2015-1561 Vendor: Merethis - www.centreon.com Product: Centreon Version affected: 2.5.4 and prior Product description: Centreon is the choice of some of the world's largest companies...

CVSS 7.5 | AI score 0.3 | EPSS 0.05236
Exploits 6

WPVulnDB
added 2015/07/06 12:0 a.m. | 9 views

WP Live Chat Support < 4.4.0 - Unauthenticated Blind SQL Injection

The 3CX Live Chat WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability...

AI score 1.9
Exploits 0 | References 2 | Affected Software 1