CVE-2025-31078

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue affects Small Package Quotes – Worldwide Express Edition: from n/...

WordPress plugin Small Package Quotes – Worldwide Express Edition SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress plugin...

CVE-2024-13534

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' and 'dropshipeditid' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

PT-2024-25921 · Unknown · Hc Mailinspector

Name of the Vulnerable Software and Affected Versions: HSC Mailinspector versions 5.2.17-3 through 5.2.18 Description: An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part ...

Exploit for Argument Injection in Phpmailer_Project Phpmailer

This is a Python script that exploits a vulnerability in PHPMailer version 5.2.18. The script is designed to be run on a vulnerable environment, and it will spawn a vulnerable web application on the host on port 8080. The exploit will drop a shell where commands can be sent to the backdoor. The...