ajax vulnerabilities and exploits
7.5
CVSSv2
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
4.3
CVSSv2
CVE-2014-8809
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin prior to 14.11 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text param...
Wpsymposiumpro Wp Symposium
7.5
CVSSv2
CVE-2013-5957
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM prior to 4.2.12, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.beta4 allow remote malicious users to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcount...
Civicrm Civicrm 4.4.0
Civicrm Civicrm 4.4
Civicrm Civicrm
Civicrm Civicrm 4.2.10
Civicrm Civicrm 4.2.5
Civicrm Civicrm 4.2.4
Civicrm Civicrm 4.2.2
Civicrm Civicrm 4.2.1
Civicrm Civicrm 4.2.9
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.2.6
Civicrm Civicrm 4.2.0
Civicrm Civicrm 4.3.3
Civicrm Civicrm 4.3.4
Civicrm Civicrm 4.3.5
Civicrm Civicrm 4.3.6
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.3.0
Civicrm Civicrm 4.3.2
NA
CVE-2022-47604
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a up to and including 1.13.
7.5
CVSSv2
CVE-2017-17970
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_ra...
Muvikoscript Muviko 1.1
1 EDB exploit
7.5
CVSSv2
CVE-2020-28657
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
Bittacora Bpanel 2.0
NA
CVE-2024-21752
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a up to and including 4.11.4.
NA
CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated malicious users to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Raspap Raspap
2 Github repositories
4
CVSSv2
CVE-2019-17271
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Vbulletin Vbulletin
7.5
CVSSv2
CVE-2007-5644
Lussumo Vanilla 1.1.3 and previous versions do not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote malicious users to conduct unauthorized sort operations and other activities.
Lussumo Vanilla
1 EDB exploit