CVE-2021-47915
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47915 PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
PT-2026-5560
Name of the Vulnerable Software and Affected Versions: PHP Melody version 3.0. Description: PHP Melody version 3.0 has a remote SQL injection issue in the video edit module. Authenticated attackers can inject malicious SQL commands through the unvalidated vid parameter. Successful exploitation allow...
CVE-2025-9204
The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This makes it possible fo...
CVE-2025-9204 X Addons for Elementor <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field
The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.16. This is due to insufficient input sanitization and output escaping on the Youtube Video ID parameter. This makes it possible fo...
CVE-2025-9204
The CVE pertains to the WordPress plugin X Addons for Elementor. Affected: X Addons for Elementor up to version 1.0.14 (per initial CVE description and corroborating sources). Root cause: stored cross-site scripting via the Youtube Video ID parameter due to insufficient input sanitization and out...
WordPress plugin X Addons for Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-40488
Name of the Vulnerable Software and Affected Versions: X Addons for Elementor plugin for WordPress versions up to and including 1.0.14. Description: The X Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is a result of inadequate input sanitization and...
CVE-2025-9594
A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complaininfo.php. The manipulation of the argument vid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
WordPress Multi Video Box plugin <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters vulnerability
Reflected Cross-Site Scripting via video_id and group_id Parameters vulnerability discovered by johska in WordPress Plugin Multi Video Box versions <= 1.5.2...
PHP Melody 2.7.1 SQL Injection
Exploit Title: PHP Melody v2.7.1 - SQL Injection Date: 30/12/2017 Exploit Author: Ahmad Mahfouz Contact: http://twitter.com/eln1x Vendor Homepage: http://www.phpsugar.com/ Buy http://www.phpsugar.com/phpmelodyorder.html Version: 2.7.1 Tested on: Mac OS SQL Injection Type: time-based blind...
FS IMDB Clone SQL Injection Vulnerability
FS IMDB Clone is a set of PHP-based scripts for online movie ticket booking websites. A SQL injection vulnerability exists in FS IMDB Clone version 1.0. The vulnerability can be exploited to inject SQL by sending the 'f' parameter to the movie.php file, the 's' parameter to the tvshow.php file, o...
Vimeo: All Vimeo Private videos disclosure via Authorization Bypass
Hello, There is a vulnerability in https://vimeo.com/VIDEOID?action=share that makes all Vimeo private videos available to anybody. POC link : http://opnsec.com/vimeo/vl/videoLeak.php?video=VIDEOID POC requirements : - No need to be logged in Vimeo - Because of sensitivity of this, I put a passwo...