Tag: SQL Injection

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. ...
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in ProjectSend r561. The issue is due to incorrect use of the function that sanitizes user-supplied input data from the ‘id’ parameter. This may allow remote attackers to execute arbitrary SQL commands via that parameter. Individuals and organizations using this should note and give the ...
December 10, 2018 | admin

ITAS Team found multiple SQL Injection vulnerabilities in Sefrengo CMS v1.6.1. The issues are due to some scripts not properly sanitizing user-supplied input data. These SQL injection vulnerabilities allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote ...
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in articleFR CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow remote attackers to execute arbitrary SQL commands via that parameter… Individuals and organizations using this CMS should note and give the solution to ...
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in Redaxscript 2.2.0 CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow remote attackers to execute arbitrary SQL commands via that parameter. Individuals and organizations using this should update to the latest patch Redaxscript ...
December 10, 2018 | admin

ITAS Team found a SQL Injection vulnerability in Microweber CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow remote attackers to execute arbitrary SQL commands via that parameter… Individuals and organizations using this CMS should update to the latest patch (version 0.95 ...
December 10, 2018 | admin

ITAS Team discovered multiple SQL Injection vulnerabilities in PBBoard CMS. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data… Individuals and organizations ...
December 10, 2018 | admin

SP Client Document Manager plugin (https://wordpress.org/plugins/sp-client-document-manager/) contains some flaws that may allow carrying out SQL injection attacks. The issue is due to some scripts not properly sanitizing user-supplied input data. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation ...
December 10, 2018 | admin

YourMembers plugin (https://github.com/YourMembers/yourmembers/tree/master/ym_trunk) contains a flaw that may allow carrying out a blind SQL injection attack. The issue is due to the ym_trunk/includes/ym-download_functions.include.php script not properly sanitizing user-supplied input to the ‘ym_download_id’ parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing ...
December 10, 2018 | admin