Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

Simple Task Managing System 1.0 SQL Injection

Simple Task Managing System version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#web#windows#apple#apache#js#git#php#auth#chrome#webkit#firefox
CVE-2023-1908: bug_report/SQLi-1.md at main · Kerkong/bug_report

A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability.

CVE-2022-4938: Changeset 2632630 for wc-frontend-manager – WordPress Plugin Repository

The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected.

CVE-2023-1856: bug_report/SQLi-1.md at main · Hackergrave/bug_report

A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995.

Online Pizza Ordering 1.0 Shell Upload

Online Pizza Ordering version 1.0 suffers from a remote shell upload vulnerability.

WordPress File Manager 6.9 Shell Upload

WordPress File Manager plugin versions 6.0 through 6.9 suffer from a remote shell upload vulnerability.

CVE-2023-1800: ForCVE/2023-0x05.md at main · yangyanglo/ForCVE

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.