Skip to main content
CVE-2024-25422 CRITICAL POC Act Now

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25350 CRITICAL POC Act Now

SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE SQLi Zoo Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25169 CRITICAL POC Act Now

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mezzanine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-25867 CRITICAL POC Act Now

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Membership Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-25170 CRITICAL POC Act Now

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mezzanine
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-1514 CRITICAL PATCH Act Now

The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Wp Ecommerce
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25910 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Moveto
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-25927 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash - custom post order.2.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Postmash
NVD
CVSS 3.1
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy