Show filters
53 Total Results
Displaying 31-40 of 53
Sort by:
Attacker Value
Unknown

CVE-2015-9462

Disclosure Date: October 10, 2019 (last updated November 27, 2024)
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-14800

Disclosure Date: August 15, 2019 (last updated November 27, 2024)
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.
0
0
Attacker Value
Unknown

CVE-2019-14801

Disclosure Date: August 09, 2019 (last updated November 27, 2024)
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
0
0
Attacker Value
Unknown

CVE-2019-14799

Disclosure Date: August 09, 2019 (last updated November 27, 2024)
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-13573

Disclosure Date: July 17, 2019 (last updated November 27, 2024)
A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-0642

Disclosure Date: September 07, 2018 (last updated November 27, 2024)
Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-15849

Disclosure Date: August 25, 2018 (last updated November 27, 2024)
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.
0
0
Attacker Value
Unknown

CVE-2018-15848

Disclosure Date: August 25, 2018 (last updated November 27, 2024)
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
0
0
Attacker Value
Unknown

CVE-2018-12263

Disclosure Date: June 13, 2018 (last updated November 26, 2024)
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.
0
0
Attacker Value
Unknown

CVE-2018-12110

Disclosure Date: June 11, 2018 (last updated November 26, 2024)
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
0
0
View More Topics  < Previous  Next >