4 matches found
CVE-2017-1002004
The CVE-2017-1002004 entry concerns the WordPress DTracker plugin (v1.5), which has an SQL injection in dtracker/download.php: user input for the id parameter is not sanitized before being appended to SQL queries. Public sources in the Connected documents describe multiple unauthenticated blind SQL inj...
CVE-2017-1002007
CVE-2017-1002007 affects the WordPress DTracker plugin v1.5. The issue is in dtracker/save_mail.php, which does not verify that the user is authorized before inserting new contacts into wp_contact. The root cause is missing authorization checks, allowing an unauthenticated attempt to inject data ...
CVE-2017-1002005
CVE-2017-1002005 affects the WordPress DTracker plugin (v1.5): the delete.php path uses user input for contact_id directly in an SQL query without sanitization, enabling SQL injection. Connected documents corroborate a SQL injection vulnerability in DTracker 1.5, with multiple sources flagging un...
CVE-2017-1002006
This vulnerability in the WordPress DTracker plugin v1.5 is caused by dtracker/save_contact.php failing to verify user authorization before inserting contacts into the wp_contact table. The issue enables unauthorized users to inject new contacts, potentially compromising site data. Connected sources corro...