Archive

Archive for the ‘SQL Injection’ Category

Ektron CMS Two SQL Injection

March 30th, 2014
Comments Off

Application: Ektron CMS
Affected Version: versions prior to 9.00.
Vendor’s URL: Ektron CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Upgrade to version 9.00 or later.

Content Management, SQL Injection

Netvolution CMS SQL Injection

March 30th, 2014
Comments Off

Application: Netvolution CMS
Affected Version: version 3 and other versions.
Vendor’s URL: Netvolution CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Jorjweb “id” SQL Injection

March 30th, 2014
Comments Off

Application: Jorjweb
Affected Version: -
Vendor’s URL: Jorjweb
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Joomla! AJAX Shoutbox Component “jal_lastID” SQL Injection

March 30th, 2014
Comments Off

Application: Joomla!
Affected Version: version 1.6 and prior versions.
Vendor’s URL: AJAX Shoutbox Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.7.

Content Management, SQL Injection

LuxCal Web Calendar Cross-Site Request Forgery and SQL Injection

March 30th, 2014
Comments Off

Application: LuxCal Web Calendar
Affected Version: version 3.2.2 and other versions.
Vendor’s URL: LuxCal Web Calendar
Bug Type: Cross-Site Request Forgery and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

WordPress Relevanssi Plugin “category_name” SQL Injection

March 30th, 2014
Comments Off

Application: WordPress
Affected Version: versions prior to 3.3.
Vendor’s URL: Relevanssi Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.3 or later.

Content Management, SQL Injection

Ganesha Digital Library Cross-Site Scripting and SQL Injection

March 30th, 2014
Comments Off

Application: Ganesha Digital Library
Affected Version: version 4.2 and other versions.
Vendor’s URL: Ganesha Digital Library
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, SQL Injection

Cory Support “q” SQL Injection

March 30th, 2014
Comments Off

Application: Cory Support
Affected Version: version 1.0 and other versions.
Vendor’s URL: Cory Support
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Customer Relationship, SQL Injection

Joomla! Multiple Vulnerabilities

February 28th, 2014
Comments Off

Application: Joomla!
Affected Version: versions 2.5.18, 3.2.1 and 3.2.2
Vendor’s URL: Joomla!
Bug Type: Security Bypass, Cross Site Scripting, SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.19 or 3.2.3.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

WordPress Search Everything Plugin SQL Injection

February 28th, 2014
Comments Off

Application: WordPress
Affected Version: version 7.0.2 and prior versions.
Vendor’s URL: Search Everything Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 7.0.3 or later.

Content Management, SQL Injection

WordPress AdRotate Plugin “track” SQL Injection

February 28th, 2014
Comments Off

Application: WordPress
Affected Version: AdRotate Free version 3.9.4 and reported in AdRotate Pro versions prior to 3.9.6.
Vendor’s URL: AdRotate Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to a fixed version.

Content Management, SQL Injection

Joomla! JV Comment Component “id” SQL Injection

February 28th, 2014
Comments Off

Application: Joomla!
Affected Version: version 3.0.2 and prior versions
Vendor’s URL: JV Comment Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.0.3.

Content Management, SQL Injection

Joomla! Sexy Polling Component “answer_id[]” SQL Injection

January 29th, 2014
Comments Off

Application: Joomla!
Affected Version: version 1.0.8 and prior versions.
Vendor’s URL: Sexy Polling Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.9.

Content Management, SQL Injection

InstantCMS “orderby” SQL Injection

December 30th, 2013
Comments Off

Application: InstantCMS
Affected Version: versions 1.10.3 and prior.
Vendor’s URL: InstantCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply patch.

Content Management, SQL Injection

WordPress FormCraft Plugin “id” SQL Injection

December 30th, 2013
Comments Off

Application: WordPress
Affected Version: version 1.3 and other versions.
Vendor’s URL: FormCraft Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

MyBB Cross-Site Scripting and SQL Injection

December 30th, 2013
Comments Off

Application: MyBB
Affected Version: versions prior to 1.6.12.
Vendor’s URL: MyBB
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.6.12.

Cross Site Scripting, Discussion Boards, SQL Injection

Joomla! Projectfork Component “search” and “order” SQL Injection

November 29th, 2013
Comments Off

Application: Joomla!
Affected Version: versions prior to 3.0.11.
Vendor’s URL: Projectfork Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.0.11.

Content Management, SQL Injection

Bilboplanet Cross-Site Scripting and SQL Injection

October 31st, 2013
Comments Off

Application: Bilboplanet
Affected Version: version 2.0 and other versions.
Vendor’s URL: Bilboplanet
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

WordPress Landing Pages Plugin “post” SQL Injection

October 31st, 2013
Comments Off

Application: WordPress
Affected Version: version 1.2.3 and prior versions.
Vendor’s URL: Landing Pages Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.3 (10/09/13).

Content Management, SQL Injection

glFusion “cat_id” SQL Injection

September 30th, 2013
Comments Off

Application: glFusion
Affected Version: version 1.3.0 and prior versions.
Vendor’s URL: glFusion
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.1.

Content Management, SQL Injection