Lucene search
K

249 matches found

Cvelist
Cvelist
added 2024/11/15 5:30 a.m.42 views

CVE-2024-10793 WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

7.2CVSS0.01293EPSS
Exploits1References2
CVE
CVE
added 2024/11/15 5:30 a.m.92 views

CVE-2024-10793

CVE-2024-10793 affects the WP Activity Log WordPress plugin (versions

7.2CVSS5.9AI score0.01293EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/11/04 1:17 p.m.38 views

CVE-2024-51559

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...

7.1CVSS0.00331EPSS
Exploits0References1
NVD
NVD
added 2024/09/05 1:15 p.m.29 views

CVE-2024-8465

SQL injection vulnerability, by which an attacker could send a specially designed query through userid parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it...

9.8CVSS0.00464EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/05 12:54 p.m.20 views

CVE-2024-8465 SQL injection vulnerability in Job Portal

SQL injection vulnerability, by which an attacker could send a specially designed query through userid parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it...

9.8CVSS0.00464EPSS
Exploits1References1
Veracode
Veracode
added 2024/06/11 4:52 a.m.16 views

SQL Injection

litellm is vulnerable to SQL Injection. The vulnerability is due to improper handling of the 'userid' parameter in the raw SQL query used for deleting users. This allows an attacker to inject malicious SQL commands, leading to potential unauthorized access to sensitive information such as API key...

4.9CVSS6.7AI score0.0056EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.34 views

SQL injection in litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS5.5AI score0.0056EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/06/06 9:30 p.m.16 views

GHSA-8J42-PCFM-3467 SQL injection in litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS5.4AI score0.0056EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/06 6:23 p.m.17 views

CVE-2024-4890 Blind SQL Injection in berriai/litellm

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...

4.9CVSS7.3AI score0.0056EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.6 views

litellm SQL Injection Vulnerability

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A SQL injection vulnerability exists in litellm, which stems from a mishandling of the userid parameter leading to a SQL injection vulnerability...

4.9CVSS8AI score0.0056EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

Build App Online <= 1.0.21 - Authentication Bypass via Header

Description The plugin is vulnerable to authentication bypass due to missing authentication checking in the 'setusercart' function with the 'userid' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they hav...

7.4AI score
Exploits0References1
Cvelist
Cvelist
added 2024/05/15 6:0 a.m.33 views

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...

6.6AI score0.00434EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/15 6:0 a.m.12 views

CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR

The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...

6.7AI score0.00434EPSS
Exploits2References1
OSV
OSV
added 2024/03/17 12:15 a.m.3 views

CVE-2024-2534

A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument userid leads to sql injection. It is possible to initiate the attack remotely. T...

9.8CVSS5.6AI score0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/16 11:31 p.m.13 views

CVE-2024-2534 MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php sql injection

A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument userid leads to sql injection. It is possible to initiate the attack remotely. T...

6.5CVSS7.2AI score0.00545EPSS
Exploits0References3
Prion
Prion
added 2024/01/13 12:15 a.m.21 views

Sql injection

A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument userid leads to sql injection. The attack may be launched remotely...

6.5CVSS7.6AI score0.005EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/01/04 5:1 a.m.26 views

SQL Injection

gilacms/gila is vulnerable to SQL Injection. The vulnerability is due to improper userid parameter sanitization within the login portal, which allows an attacker to execute arbitrary web scripts which results in SQL injection...

3.8CVSS8.1AI score0.00662EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2024/01/03 12:30 a.m.38 views

GHSA-3PFJ-G4WR-QJ3J Gila CMS SQL Injection vulnerability

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

3.8CVSS5.1AI score0.00662EPSS
Exploits3References5
Github Security Blog
Github Security Blog
added 2024/01/03 12:30 a.m.52 views

Gila CMS SQL Injection vulnerability

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

3.8CVSS8.6AI score0.00662EPSS
Exploits3References6Affected Software1
NVD
NVD
added 2024/01/02 10:15 p.m.29 views

CVE-2020-26625

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

3.8CVSS5.3AI score0.00662EPSS
Exploits3References3
Rows per page
Query Builder