REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to...
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection....
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection....
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection....
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection....
The note-press plugin before 0.1.2 for WordPress has SQL injection....
The olimometer plugin before 2.57 for WordPress has SQL injection....
The visitors-online plugin before 0.4 for WordPress has SQL injection....
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently...
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can...
Vulmon