CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-25013

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：49 | 回复：0
CVE-2021-25015

The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：51 | 回复：0
CVE-2021-25017

The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：52 | 回复：0
CVE-2021-25028

The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：45 | 回复：0
CVE-2021-25031

The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：53 | 回复：0
CVE-2021-25035

The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：53 | 回复：0
CVE-2021-25045

The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：47 | 回复：0
CVE-2021-25049

The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：39 | 回复：0
CVE-2021-25062

The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：57 | 回复：0
CVE-2021-25073

The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：48 | 回复：0
CVE-2021-25074

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：36 | 回复：0
CVE-2021-25076

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：51 | 回复：0
CVE-2021-25078

The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perfo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：49 | 回复：0
CVE-2021-25079

The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：58 | 回复：0
CVE-2021-25080

The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：40 | 回复：0
CVE-2021-25083

The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cros ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：49 | 回复：0
CVE-2022-0269

Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：39 | 回复：0
CVE-2021-44981

In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell argum ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：52 | 回复：0
CVE-2022-22296

Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：40 | 回复：0
CVE-2021-40596

SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：49 | 回复：0
CVE-2021-40907

SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/L ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：54 | 回复：0
CVE-2021-40908

SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：52 | 回复：0
CVE-2022-23437

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, w ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：46 | 回复：0
CVE-2021-40909

Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：38 | 回复：0
CVE-2021-41471

SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：41 | 回复：0
CVE-2021-41472

SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：48 | 回复：0
CVE-2021-4088

SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：54 | 回复：0
CVE-2021-41658

Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：53 | 回复：0
CVE-2021-35005

This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the tar ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：47 | 回复：0
CVE-2021-41659

SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：51 | 回复：0
CVE-2021-41660

SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：56 | 回复：0
CVE-2021-41929

Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：68 | 回复：0
CVE-2021-41928

SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：42 | 回复：0
CVE-2021-41930

Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/add ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：47 | 回复：0
CVE-2021-42168

Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：64 | 回复：0
CVE-2021-43420

SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：42 | 回复：0
CVE-2022-23126

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occur ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：50 | 回复：0
CVE-2020-17383

A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify config ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：42 | 回复：0
CVE-2021-36342

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：44 | 回复：0
CVE-2021-36343

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:07 | 阅读：43 | 回复：0