Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-45990: CVE-nu11secur1ty/vendors/winston-dsouza/ecommerce-website at main · nu11secur1ty/CVE-nu11secur1ty

A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.

CVE
Open in Source
#sql#xss#vulnerability#web#windows#apple#google#ddos#java#php#botnet#chrome#webkit
CVE-2022-45019: CVE-nu11secur1ty/vendors/slims.web.id/SLIMS-9.5.0 at main · nu11secur1ty/CVE-nu11secur1ty

SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.

CVE-2022-32224: [CVE-2022-32224] Possible RCE escalation bug with Serialized Columns in Active Record

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

CVE-2022-3249

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks

CVE-2022-3856

The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

CVE-2022-3858

The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.

Automotive Shop Management System 1.0 SQL Injection

Automotive Shop Management System version 1.0 suffers from a remote SQL injection vulnerability.

When Being Attractive Gets Risky - How Does Your Attack Surface Look to an Attacker?

In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy. To keep up with business

CVE-2022-43504: WordPress 6.0.3 Security Release

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.