249 matches found
CVE-2024-10793 WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
CVE-2024-10793
CVE-2024-10793 affects the WP Activity Log WordPress plugin (versions
CVE-2024-51559
This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...
CVE-2024-8465
SQL injection vulnerability, by which an attacker could send a specially designed query through userid parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it...
CVE-2024-8465 SQL injection vulnerability in Job Portal
SQL injection vulnerability, by which an attacker could send a specially designed query through userid parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it...
SQL Injection
litellm is vulnerable to SQL Injection. The vulnerability is due to improper handling of the 'userid' parameter in the raw SQL query used for deleting users. This allows an attacker to inject malicious SQL commands, leading to potential unauthorized access to sensitive information such as API key...
SQL injection in litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
GHSA-8J42-PCFM-3467 SQL injection in litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
CVE-2024-4890 Blind SQL Injection in berriai/litellm
A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'userid' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability b...
litellm SQL Injection Vulnerability
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A SQL injection vulnerability exists in litellm, which stems from a mishandling of the userid parameter leading to a SQL injection vulnerability...
Build App Online <= 1.0.21 - Authentication Bypass via Header
Description The plugin is vulnerable to authentication bypass due to missing authentication checking in the 'setusercart' function with the 'userid' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they hav...
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...
CVE-2024-3748 SP Project & Document Manager <= 4.71 - Data Update via IDOR
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user...
CVE-2024-2534
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument userid leads to sql injection. It is possible to initiate the attack remotely. T...
CVE-2024-2534 MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php sql injection
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument userid leads to sql injection. It is possible to initiate the attack remotely. T...
Sql injection
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument userid leads to sql injection. The attack may be launched remotely...
SQL Injection
gilacms/gila is vulnerable to SQL Injection. The vulnerability is due to improper userid parameter sanitization within the login portal, which allows an attacker to execute arbitrary web scripts which results in SQL injection...
GHSA-3PFJ-G4WR-QJ3J Gila CMS SQL Injection vulnerability
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...
Gila CMS SQL Injection vulnerability
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...
CVE-2020-26625
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...