CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23882

TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：64 | 回复：0
CVE-2021-43725

There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：63 | 回复：0
CVE-2022-0342

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：65 | 回复：0
CVE-2022-23884

Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：70 | 回复：0
CVE-2021-43721

Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : video src=x onerror=(function(){require('child_process') ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：62 | 回复：0
CVE-2021-44103

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42192. Reason: This candidate is a duplicate of CVE-2021-42192. Notes: All CVE users should reference CVE-2021-42192 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：80 | 回复：0
CVE-2021-44124

Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：68 | 回复：0
CVE-2015-10002

A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is rec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：59 | 回复：0
CVE-2018-25030

A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：65 | 回复：0
CVE-2021-24746

The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the Enable 'More' icon option is enabled (whic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：76 | 回复：0
CVE-2021-24962

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to uploa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：70 | 回复：0
CVE-2021-24978

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to un ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：101 | 回复：0
CVE-2021-25012

The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：74 | 回复：0
CVE-2021-25064

The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：52 | 回复：0
CVE-2021-25068

The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：71 | 回复：0
CVE-2021-25070

The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：59 | 回复：0
CVE-2021-25071

The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：72 | 回复：0
CVE-2022-0388

The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：73 | 回复：0
CVE-2022-0397

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (avai ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：82 | 回复：0
CVE-2022-0450

The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：87 | 回复：0
CVE-2022-0479

The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：103 | 回复：0
CVE-2022-0493

The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：142 | 回复：0
CVE-2022-0499

The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：165 | 回复：0
CVE-2022-0595

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Script ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：171 | 回复：0
CVE-2022-0599

The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：330 | 回复：0
CVE-2022-0600

The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：157 | 回复：0
CVE-2022-0619

The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：125 | 回复：0
CVE-2022-0620

The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：118 | 回复：0
CVE-2022-0621

The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：147 | 回复：0
CVE-2022-0641

The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：263 | 回复：0
CVE-2022-0643

The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：156 | 回复：0
CVE-2022-0647

The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：117 | 回复：0
CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX act ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：209 | 回复：0
CVE-2022-0680

The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without san ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：80 | 回复：0
CVE-2022-0720

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：130 | 回复：0
CVE-2022-0770

The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specifi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：93 | 回复：0
CVE-2022-0784

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：61 | 回复：0
CVE-2022-0787

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：62 | 回复：0
CVE-2022-0818

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：54 | 回复：0
CVE-2022-0833

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the ref ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：52 | 回复：0