Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

project log vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-4281
This Activity Log WordPress plugin prior to 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an malicious user to manipulate its value. This may be used to hide the source of malicious traffic.
Activity Log Project Activity Log
NA
CVE-2022-3941
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be ini...
Activity Log Project Activity Log -
6.8
CVSSv2
CVE-2015-3351
Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module prior to 6.x-1.2 for Drupal allow remote malicious users to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors.
Log Watcher Project Log Watcher
6.5
CVSSv2
CVE-2021-24758
The Email Log WordPress plugin prior to 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections
Email Log Project Email Log
4.3
CVSSv2
CVE-2021-24924
The Email Log WordPress plugin prior to 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue
Email Log Project Email Log
NA
CVE-2023-23721
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
Admin Log Project Admin Log
NA
CVE-2022-27858
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
Activity Log Project Activity Log
6.5
CVSSv2
CVE-2015-4613
SQL injection vulnerability in the backend module in the Developer Log (devlog) extension prior to 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.
Developer Log Project Developer Log
6.8
CVSSv2
CVE-2020-18264
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote malicious users to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_edit_member".
Simple-log Project Simple-log 1.6
6.8
CVSSv2
CVE-2020-18265
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote malicious users to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".
Simple-log Project Simple-log 1.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook