Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
log injection vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2017-18514
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log
NA
CVE-2023-37966
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a up to and including 1.6.2.
Solwininfotech User Activity Log
NA
CVE-2023-3435
The User Activity Log WordPress plugin prior to 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated malicious users to conduct SQL injection attacks.
Solwininfotech User Activity Log
NA
CVE-2023-5645
The WP Mail Log WordPress plugin prior to 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Wpvibes Wp Mail Log
NA
CVE-2023-5674
The WP Mail Log WordPress plugin prior to 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.
Wpvibes Wp Mail Log
NA
CVE-2023-2761
The User Activity Log WordPress plugin prior to 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.
Solwininfotech User Activity Log
436
VMScore
CVE-2019-4216
IBM SmartCloud Analytics 1.3.1 up to and including 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.
Ibm Smartcloud Analytics Log Analysis
445
VMScore
CVE-2022-32549
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an malicious user to cover tracks by injecting fake logs and potentially corrupt log files.
Apache Sling Commons Log
Apache Sling Api
356
VMScore
CVE-2021-22035
VMware vRealize Log Insight (8.x before 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sh...
Vmware Cloud Foundation
Vmware Vrealize Log Insight
Vmware Vrealize Suite Lifecycle Manager
312
VMScore
CVE-2016-9261
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) prior to 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Tenable Log Correlation Engine
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »