Show filters
15 Total Results
Displaying 1-10 of 15
Sort by:
Attacker Value
Unknown

CVE-2024-50531

Disclosure Date: November 04, 2024 (last updated November 07, 2024)
Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through 6.2.4.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-25054

Disclosure Date: December 29, 2023 (last updated January 05, 2024)
Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-41652

Disclosure Date: November 03, 2023 (last updated November 14, 2023)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-25047

Disclosure Date: October 31, 2023 (last updated November 08, 2023)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-25045

Disclosure Date: October 31, 2023 (last updated November 08, 2023)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-27617

Disclosure Date: September 27, 2023 (last updated October 08, 2023)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-27616

Disclosure Date: September 27, 2023 (last updated October 08, 2023)
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-29095

Disclosure Date: July 10, 2023 (last updated October 08, 2023)
Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-1768

Disclosure Date: June 13, 2022 (last updated January 11, 2024)
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-1505

Disclosure Date: May 10, 2022 (last updated February 23, 2025)
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >