Zotpress plugin for WordPress SQLi in zp_get_account()
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.51%
Published: 2016-10-06
Updated: 2016-12-22
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.16%
Published: 2016-10-06
Updated: 2017-09-06
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.22%
Published: 2016-10-06
Updated: 2017-09-06
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.49%
Published: 2016-10-06
Updated: 2017-09-06
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
Source: MITRE
Max CVSS: 7.2
EPSS Score: 0.32%
Published: 2016-10-27
Updated: 2016-12-22
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
Source: MITRE
Max CVSS: 7.2
EPSS Score: 0.32%
Published: 2016-10-27
Updated: 2016-12-22
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
Source: MITRE
Max CVSS: 7.2
EPSS Score: 0.29%
Published: 2016-10-21
Updated: 2018-05-02
XSS & SQLi in HugeIT slideshow v1.0.4
Source: MITRE
Max CVSS: 7.2
EPSS Score: 0.29%
Published: 2016-10-21
Updated: 2018-05-02
XSS & SQLi in HugeIT slideshow v1.0.4
Source: MITRE
Max CVSS: 7.2
EPSS Score: 0.29%
Published: 2016-10-21
Updated: 2017-01-06
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
Source: MITRE
Max CVSS: 7.2
EPSS Score: 0.12%
Published: 2016-10-21
Updated: 2017-03-28
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
Source: MITRE
Max CVSS: 7.2
EPSS Score: 0.20%
Published: 2016-10-21
Updated: 2017-11-13
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Source: MITRE
Max CVSS: 9.8
EPSS Score: 1.27%
Published: 2016-10-06
Updated: 2019-12-19
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
Source: MITRE
Max CVSS: 8.8
EPSS Score: 0.05%
Published: 2016-10-06
Updated: 2017-11-03
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.33%
Published: 2016-12-11
Updated: 2017-07-01
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentController controller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.18%
Published: 2016-11-29
Updated: 2017-07-28
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is used directly without any filtering, which causes SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.18%
Published: 2016-11-11
Updated: 2017-07-28
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.20%
Published: 2016-11-15
Updated: 2016-11-29
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.12%
Published: 2016-11-11
Updated: 2017-07-28
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.12%
Published: 2016-11-11
Updated: 2017-07-28
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
Source: MITRE
Max CVSS: 9.1
EPSS Score: 0.16%
Published: 2016-11-11
Updated: 2016-11-29
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
Source: MITRE
Max CVSS: 8.8
EPSS Score: 0.11%
Published: 2016-11-07
Updated: 2016-11-29
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.09%
Published: 2016-11-04
Updated: 2016-11-29
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there is an odd number of ' or " characters. Impact is Information Disclosure.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.12%
Published: 2016-11-04
Updated: 2016-11-29
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.09%
Published: 2016-11-03
Updated: 2016-11-29
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
Source: MITRE
Max CVSS: 7.5
EPSS Score: 0.10%
Published: 2016-11-03
Updated: 2016-11-29
97 vulnerabilities found