octubre 2024 - Página 61 de 160

20 Oct 2024

CVE-2024-49615

Título es

CVE-2024-49615

Dom, 20/10/2024 – 10:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49615

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.20

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/safetymails-forms/wordpress-safetyforms-plugin-1-0-0-csrf-to-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49614

Título es

CVE-2024-49614

Dom, 20/10/2024 – 10:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49614

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/sermonaudio-widgets/wordpress-sermonaudio-widgets-plugin-1-9-3-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49613

Título es

CVE-2024-49613

Dom, 20/10/2024 – 10:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49613

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/simple-code-insert-shortcode/wordpress-simple-code-insert-shortcode-plugin-1-0-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49612

Título es

CVE-2024-49612

Dom, 20/10/2024 – 10:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49612

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/sw-contact-form/wordpress-sw-contact-form-plugin-1-0-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49629

Título es

CVE-2024-49629

Dom, 20/10/2024 – 10:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49629

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/endless-posts-navigation/wordpress-endless-posts-navigation-plugin-2-2-7-csrf-to-stored-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49620

Título es

CVE-2024-49620

Dom, 20/10/2024 – 10:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49620

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Naudin Vladimir FERMA.Ru.Net allows Blind SQL Injection.This issue affects FERMA.Ru.Net: from n/a through 1.3.3.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/ferma-ru-net-checkout/wordpress-ferma-ru-net-plugin-1-3-3-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49619

Título es

CVE-2024-49619

Dom, 20/10/2024 – 10:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49619

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through 1.1.0.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/social-link-groups/wordpress-social-link-groups-plugin-1-1-0-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49618

Título es

CVE-2024-49618

Dom, 20/10/2024 – 10:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49618

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through 1.1.1.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/mytweetlinks/wordpress-mytweetlinks-plugin-1-1-1-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-49617

Título es

CVE-2024-49617

Dom, 20/10/2024 – 10:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49617

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0.

20/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

8.20

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/back-link-tracker/wordpress-back-link-tracker-plugin-1-0-0-csrf-to-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

20 Oct 2024

CVE-2024-10170

Título es

CVE-2024-10170

Dom, 20/10/2024 – 04:15

Tipo

CWE-89

Gravedad v2.0

6.50

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2024-10170

Descripción en

A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

20/10/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0

AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0

5.30

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM