
9 matches found

Positive Technologies
added 2024/05/29 12:0 a.m. · 2 views

PT-2024-21249 · Interaction Design Team At The University Of Applied Sciences Arts In Hildesheim/Germany +2 · Hawki

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns an application's up- and downvote function, which modifies a value in a JSON file. Due to improper filtering of POST parameters, an...

CVSS 6.5 · AI score 6.9 · EPSS 0.00149
Exploits: 1 · References: 7

VulnCheck KEV
added 2023/11/30 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.84861
Exploits: 2 · References: 1

ATTACKERKB
added 2022/03/21 7:15 p.m. · 3 views

CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

CVSS 9.8 · AI score 5.8 · EPSS 0.84861
Exploits: 2 · References: 3

OSV
added 2022/03/21 7:15 p.m. · 2 views

CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2

ATTACKERKB
added 2022/03/21 7:15 p.m. · 2 views

CVE-2022-0760

The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

CVSS 9.8 · AI score 5.8 · EPSS 0.76425
Exploits: 2 · References: 4

CNNVD
added 2022/03/21 12:0 a.m. · 2 views

WordPress plugin Simple Link Directory SQL injection vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. The WordPress plugin Simple Link Directory before...

CVSS 9.8 · AI score 8.5 · EPSS 0.76425
Exploits: 2 · References: 3

Huntr
added 2021/08/24 4:26 p.m. · 10 views

Improper Privilege Management in circuitverse/circuitverse

✍️ Description upvote in any private comment 🕵️‍♂️ Proof of Concept Below request is vulnerable to upvote in any comment of private project POST /commontator/comments/1312/upvote HTTP/2 Host: circuitverse.org Cookie: User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:90.0 Gecko/20100101...

AI score 0.5
Exploits: 0

Hacker One
added 2021/08/11 3:43 a.m. · 14 views

Reddit: Outsider can affect Upvote Percentage of private subreddit post by calling /api/vote API

Summary: Attacker that does not have access to a private subreddit, can still affect Upvote Percentage of any posts in this private subreddit. He does that by calling /api/vote API and passing post id directly. What is Upvote Percentage?: F1407175 Impact: - Attacker can affect Upvote Percentage o...

AI score 0.5
Exploits: 0

Atlassian
added 2014/06/23 3:45 a.m. · 19 views

Lack of CSRF protection on Voting

On Confluence Questions, answers and questions can be upvoted by the victim automatically on a question page visit, due to the lack of CSRF protection. When up voting a question manually, whilst on the question page, a single post request is issued: e.g. POST...

AI score 0.5
Exploits: 0 · Affected Software: 1