8.8
CVE-2018-25167 - Net-Billetterie 2.9 SQL Injection via login.inc.php
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames, pβ¦
8.8
CVE-2018-25166 - Meneame English Pligg 5.8 SQL Injection via search Parameter
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to extracβ¦
7.1
CVE-2018-25165 - Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php
Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract seβ¦
8.7
CVE-2018-25164 - EverSync 0.5 Arbitrary File Download via files Directory
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application dβ¦
8.8
CVE-2018-25163 - BitZoom 1.0 SQL Injection via rollno Parameter
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extrβ¦
7.1
CVE-2018-25162 - 2-Plan Team 1.0.4 Arbitrary File Upload via managefile.php
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files dirβ¦
8.8
CVE-2018-25161 - Warranty Tracking System 11.06.3 SQL Injection via SearchCustomer.php
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements uβ¦
4.3
CVE-2026-28080 - WordPress Rank Math SEO PRO plugin <= 3.0.96 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rank Math Rank Math SEO PRO seo-by-rank-math-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO PRO: from n/a through <= 3.0.96.
4.7
CVE-2026-28106 - WordPress B2BKing Premium plugin < 5.4.20 - Open Redirection vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing.This issue affects B2BKing Premium: from n/a before 5.4.20.
5.9
CVE-2024-35644 - WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2.