LiquidFiles version 3.5.13 suffers from a privilege escalation vulnerability. The LiquidFiles API allows a User Admin to access keys for System Administrators.
>> CATEGORY: exploit
WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.
This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. It does not properly validate upper/lower case characters. Once this occurs, the…
Fuel CMS version 1.4.13 suffers from a remote blind SQL injection vulnerability.
Talariax sendQuick Alertplus Server Admin version 4.3 suffers from a vulnerability that allows an authenticated user to perform error-based SQL injection via unsanitized form fields.
KONGA version 0.14.9 suffers from a privilege escalation vulnerability.
WordPress Contact Form to Email plugin version 1.3.24 suffers from a persistent cross site scripting vulnerability.
Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.
Simple Subscription Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
PHP Laravel version 8.70.1 suffers from cross site scripting and cross site request forgery related vulnerabilities.