Archive for the ‘SQL Injection’ Category

WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection

August 26th, 2013

Application: WordPress
Affected Version: version 1.9 and other versions.
Vendor’s URL: All-in-One Event Calendar Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.10.

Content Management, Cross Site Scripting, SQL Injection

Joomla! redSHOP Component “pid” SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: version 1.2 and prior versions.
Vendor’s URL: redSHOP Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.3.

Content Management, SQL Injection

Joomla! Jomres Component Script Insertion and SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: version 7.3.0 and other versions.
Vendor’s URL: Jomres Component
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 7.3.1.

Content Management, Cross Site Scripting, SQL Injection

Joomla! SectionEx Component Two SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: versions prior to 2.5.104.
Vendor’s URL: SectionEx Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.5.104.

Content Management, SQL Injection

Cotonti “c” SQL Injection

August 26th, 2013

Application: Cotonti
Affected Version: version 0.9.13 and prior versions.
Vendor’s URL: Cotonti
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 0.9.14.

Content Management, SQL Injection

Joomla! VirtueMart Component Two Cross-Site Scripting and SQL Injection

August 26th, 2013

Application: Joomla!
Affected Version: versions prior to 2.0.22b.
Vendor’s URL: VirtueMart Component
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 2.0.22b.

Cross Site Scripting, E-Commerce, SQL Injection

WordPress Spider Catalog Plugin Cross-Site Scripting and SQL Injection

May 27th, 2013

Application: WordPress
Affected Version: version 1.4.7 and other versions.
Vendor’s URL: Spider Catalog Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, SQL Injection

WordPress Video Gallery Plugin “playid” SQL Injection

May 27th, 2013

Application: WordPress
Affected Version: versions 1.6 and 2.0 and other versions.
Vendor’s URL: Video Gallery Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Upgrade or update to version 2.1.

Content Management, SQL Injection

Joomla! DJ-Classifieds Component “se_regs[]” SQL Injection

May 27th, 2013

Application: Joomla!
Affected Version: version 2.3.2 and other versions.
Vendor’s URL: DJ-Classifieds Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

phpVMS PopUpNews Module SQL Injection

April 26th, 2013

Application: phpVMS
Affected Version: version 2.0 and other versions.
Vendor’s URL: PopUpNews Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

Joomla! RSFiles! Component “cid” SQL Injection

March 28th, 2013

Application: Joomla!
Affected Version: version 1.0.0 Rev 11 and other versions.
Vendor’s URL: RSFiles! Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Content Management, SQL Injection

WordPress LeagueManager Plugin Security Bypass and SQL Injection

March 28th, 2013

Application: WordPress
Affected Version: version 3.8 and prior versions.
Vendor’s URL: LeagueManager Plugin
Bug Type: Security Bypass and SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.1.

Access Bypass, Content Management, SQL Injection

WordPress Comment Rating Plugin Security Bypass Weakness and SQL Injection

March 28th, 2013

Application: WordPress
Affected Version: version 2.9.32 and other versions.
Vendor’s URL: Comment Rating Plugin
Bug Type: Security Bypass & SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Access Bypass, Content Management, SQL Injection

WordPress Mingle Forum Plugin Cross-Site Scripting and SQL Injection

February 26th, 2013

Application: WordPress
Affected Version: version 1.0.33.3 and prior versions.
Vendor’s URL: Mingle Forum Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 1.0.34.

Content Management, Cross Site Scripting, SQL Injection

PHP-Fusion Two SQL Injection Vulnerabilities

February 26th, 2013

Application: PHP-Fusion
Affected Version: version 7.02.05 and other versions.
Vendor’s URL: PHP-Fusion
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 7.02.06.

Content Management, SQL Injection

WordPress WP Symposium Plugin Multiple SQL Injection

January 25th, 2013

Application: WordPress
Affected Version: version 12.09 and other versions.
Vendor’s URL: WP Symposium Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 12.12.

Content Management, SQL Injection

WordPress Simple Login Log Plugin Multiple Vulnerabilities

January 25th, 2013

Application: WordPress
Affected Version: version 0.9.3 and prior versions.
Vendor’s URL: Simple Login Log Plugin
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Update to version 0.9.4.

Content Management, Cross Site Scripting, SQL Injection

WordPress Store Locator Plus Plugin “query” SQL Injection

January 25th, 2013

Application: WordPress
Affected Version: version 3.8.6 and prior versions.
Vendor’s URL: Store Locator Plus Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 3.8.7.

Content Management, SQL Injection

MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection

January 25th, 2013

Application: MyBB
Affected Version: version 1.0 and other versions.
Vendor’s URL: Profile Wii Friend Code Plugin
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Cross Site Scripting, Discussion Boards, SQL Injection

WordPress Shopping Cart Plugin Multiple SQL Injection

January 25th, 2013

Application: WordPress
Affected Version: version 8.1.14 and other versions.
Vendor’s URL: Shopping Cart Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 8.1.15.

Content Management, SQL Injection