Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
log injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-18573
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log
9.8
CVSSv3
CVE-2023-37966
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a up to and including 1.6.2.
Solwininfotech User Activity Log
9.8
CVSSv3
CVE-2023-3435
The User Activity Log WordPress plugin prior to 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated malicious users to conduct SQL injection attacks.
Solwininfotech User Activity Log
8.8
CVSSv3
CVE-2023-5645
The WP Mail Log WordPress plugin prior to 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Wpvibes Wp Mail Log
8.8
CVSSv3
CVE-2023-5674
The WP Mail Log WordPress plugin prior to 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Wpvibes Wp Mail Log
7.2
CVSSv3
CVE-2023-2761
The User Activity Log WordPress plugin prior to 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.
Solwininfotech User Activity Log
4.6
CVSSv3
CVE-2019-4216
IBM SmartCloud Analytics 1.3.1 up to and including 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.
Ibm Smartcloud Analytics Log Analysis
5.3
CVSSv3
CVE-2022-32549
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an malicious user to cover tracks by injecting fake logs and potentially corrupt log files.
Apache Sling Commons Log
Apache Sling Api
4.3
CVSSv3
CVE-2021-22035
VMware vRealize Log Insight (8.x before 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sh...
Vmware Cloud Foundation
Vmware Vrealize Log Insight
Vmware Vrealize Suite Lifecycle Manager
5.4
CVSSv3
CVE-2016-9261
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) prior to 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Tenable Log Correlation Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »