Lucene search

Simple Subscription Project Security Vulnerabilities

cve

CVE-2022-26283

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP...

9.8CVSS

9.6AI Score

0.003EPSS

2022-03-21 11:15 PM

cve

CVE-2021-43140

SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the...

9.8CVSS

9.8AI Score

0.012EPSS

2021-11-03 07:15 PM

cve

CVE-2021-43141

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in...

6.1CVSS

6AI Score

0.003EPSS

2021-11-03 07:15 PM

In Wild

cve

CVE-2015-4367

Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permission to inject arbitrary web script or HTML via vectors related to block...

5.4AI Score

0.001EPSS

2015-06-15 02:59 PM