86 vulnerabilities
CVE-2026-22755 (GCVE-0-2026-22755)
Vulnerability from cvelistv5 – Published: 2026-01-13 15:12 – Updated: 2026-01-20 20:33
Title
Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek camera firmware allows OS Command Injection. Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391, FE9180, FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371, IB9381, IB9387, IB9389, IB939, IP9165, IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330. Affected firmware versions: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Vivotek | Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391, FE9180, FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371, IB9381, IB9387, IB9389, IB939, IP9165, IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 | Affected: 0100a (custom), 0106a (custom), 0106b (custom), 0107a (custom), 0107b_1 (custom), 0109a (custom), 0112a (custom), 0113a (custom), 0113d (custom), 0117b (custom), 0119e (custom), 0120b (custom), 0121 (custom), 0121d (custom), 0121d_48573_1 (custom), 0122e (custom), 0124d_48573_1 (custom), 012501 (custom), 012502 (custom), 0125c (custom) |
Date Public
2026-01-08 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22755",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T15:29:25.879272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T15:29:57.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://ftpmirror.your.org/pub/misc/ftp.vivotek.com/Firmware/",
"defaultStatus": "unaffected",
"modules": [
"Firmware"
],
"product": "Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0100a",
"versionType": "custom"
},
{
"status": "affected",
"version": "0106a",
"versionType": "custom"
},
{
"status": "affected",
"version": "0106b",
"versionType": "custom"
},
{
"status": "affected",
"version": "0107a",
"versionType": "custom"
},
{
"status": "affected",
"version": "0107b_1",
"versionType": "custom"
},
{
"status": "affected",
"version": "0109a",
"versionType": "custom"
},
{
"status": "affected",
"version": "0112a",
"versionType": "custom"
},
{
"status": "affected",
"version": "0113a",
"versionType": "custom"
},
{
"status": "affected",
"version": "0113d",
"versionType": "custom"
},
{
"status": "affected",
"version": "0117b",
"versionType": "custom"
},
{
"status": "affected",
"version": "0119e",
"versionType": "custom"
},
{
"status": "affected",
"version": "0120b",
"versionType": "custom"
},
{
"status": "affected",
"version": "0121",
"versionType": "custom"
},
{
"status": "affected",
"version": "0121d",
"versionType": "custom"
},
{
"status": "affected",
"version": "0121d_48573_1",
"versionType": "custom"
},
{
"status": "affected",
"version": "0122e",
"versionType": "custom"
},
{
"status": "affected",
"version": "0124d_48573_1",
"versionType": "custom"
},
{
"status": "affected",
"version": "012501",
"versionType": "custom"
},
{
"status": "affected",
"version": "012502",
"versionType": "custom"
},
{
"status": "affected",
"version": "0125c",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Larry W. Cashdollar"
}
],
"datePublic": "2026-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.\u003cp\u003eThis issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330 (Firmware modules) allows OS Command Injection.This issue affects Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582, IB9365, IB93587LPR, IB9371,IB9381, IB9387, IB9389, IB939,IP9165,IP9171, IP9172, IP9181, IP9191, IT9389, MA9321, MA9322, MS9321, MS9390, TB9330: 0100a, 0106a, 0106b, 0107a, 0107b_1, 0109a, 0112a, 0113a, 0113d, 0117b, 0119e, 0120b, 0121, 0121d, 0121d_48573_1, 0122e, 0124d_48573_1, 012501, 012502, 0125c."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Not public but easy to reproduce."
}
],
"value": "Not public but easy to reproduce."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T20:33:02.780Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"url": "http://www.vapidlabs.com/advisory.php?v=220"
},
{
"url": "https://www.akamai.com/blog/security-research/command-injection-vivotek-legacy-firmware-need-to-know"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2026-22755",
"datePublished": "2026-01-13T15:12:53.126Z",
"dateReserved": "2026-01-09T14:27:11.646Z",
"dateUpdated": "2026-01-20T20:33:02.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12592 (GCVE-0-2025-12592)
Vulnerability from cvelistv5 – Published: 2025-11-19 12:30 – Updated: 2025-11-19 16:07
Title
Use of default login credentials in Legacy Vivotek Devices
Summary
Legacy Vivotek Device firmware uses default credentials for the root and user login accounts.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Impacted products
1 product
Date Public
2025-11-02 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:07:31.532330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:07:56.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://ftpmirror.your.org/pub/misc/ftp.vivotek.com/Firmware/",
"defaultStatus": "unaffected",
"modules": [
"Firmware"
],
"product": "Affected device model numbers are FD7131-VVTK,FD7131-VVTK,FD7131-VVTK,FD7141-VVTK,IP7131-VVTK,IP7133-VVTK,IP7133-VVTK,IP7133-VVTK,IP7134-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7135-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7137-VVTK,IP7138-VVTK,IP7142-VVTK,IP7142-VVTK,IP7151-VVTK,IP7152-VVTK,IP7153-VVTK,IP7153-VVTK,IP7154-VVTK,IP7330-VVTK,IP7330-VVTK,IP7330-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131-VVTK,IP8131W-VVTK,PT7135-VVTK,PT7137-TCON,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PT7137-VVTK,PZ7131-VVTK,PZ7131-VVTK,PZ71X1-VVTK,PZ71X1-VVTK,PZ71X2-VVTK,SD73X3-VVTK,SD73X3-VVTK,SD73X3-VVTK,TC5330-VVTK,TC5332-TCVV,TC5333-TCVV,TC5633-TCVV,TC5633-VVTK,VS7100-VVTK,VS7100-VVTK,VS7100-VVTK",
"vendor": "Vivotek",
"versions": [
{
"status": "affected",
"version": "0100b",
"versionType": "custom"
},
{
"status": "affected",
"version": "0100e"
},
{
"status": "affected",
"version": "0100e1"
},
{
"status": "affected",
"version": "0100e2"
},
{
"status": "affected",
"version": "0100f"
},
{
"status": "affected",
"version": "0100g"
},
{
"status": "affected",
"version": "0100i"
},
{
"status": "affected",
"version": "0101c"
},
{
"status": "affected",
"version": "0103c"
},
{
"status": "affected",
"version": "0199z"
},
{
"status": "affected",
"version": "0200a"
},
{
"status": "affected",
"version": "0200b"
},
{
"status": "affected",
"version": "0200c"
},
{
"status": "affected",
"version": "0200g"
},
{
"status": "affected",
"version": "0201a"
},
{
"status": "affected",
"version": "0201a1"
},
{
"status": "affected",
"version": "0201c"
},
{
"status": "affected",
"version": "0201k"
},
{
"status": "affected",
"version": "0202a"
},
{
"status": "affected",
"version": "0202b"
},
{
"status": "affected",
"version": "0203a"
},
{
"status": "affected",
"version": "0300a"
},
{
"status": "affected",
"version": "0300b"
},
{
"status": "affected",
"version": "0301b3"
},
{
"status": "affected",
"version": "0302a"
},
{
"status": "affected",
"version": "0302c"
},
{
"status": "affected",
"version": "0400a"
},
{
"status": "affected",
"version": "0400b"
},
{
"status": "affected",
"version": "0401a"
},
{
"status": "affected",
"version": "0500a"
},
{
"status": "affected",
"version": "0500b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Larry W. Cashdollar"
}
],
"datePublic": "2025-11-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts."
}
],
"value": "Legacy Vivotek Device firmware uses default credetials for the root and user login accounts."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Public"
}
],
"value": "Public"
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T12:30:32.854Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/rce-zero-day-in-legacy-vivotek-firmware"
},
{
"url": "http://www.vapidlabs.com/advisory.php?v=219"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of default login credentials in Legacy Vivotek Devices",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2025-12592",
"datePublished": "2025-11-19T12:30:32.854Z",
"dateReserved": "2025-11-01T12:15:08.915Z",
"dateUpdated": "2025-11-19T16:07:56.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-40721 (GCVE-0-2022-40721)
Vulnerability from cvelistv5 – Published: 2022-10-03 14:53 – Updated: 2024-08-03 12:21
Summary
Arbitrary file upload vulnerability in php uploader
Severity
No CVSS data available.
CWE
- Arbitrary file upload
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/CreativeDream/php-uploader/iss… | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=216 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/10/03/3 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| n/a | CreativeDream file uploader | Affected: v0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/CreativeDream/php-uploader/issues/23%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=216"
},
{
"name": "[oss-security] 20221003 CreativeDream software arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CreativeDream file uploader",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload vulnerability in php uploader"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T17:06:09.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/CreativeDream/php-uploader/issues/23%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=216"
},
{
"name": "[oss-security] 20221003 CreativeDream software arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"ID": "CVE-2022-40721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CreativeDream file uploader",
"version": {
"version_data": [
{
"version_value": "v0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in php uploader"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CreativeDream/php-uploader/issues/23,",
"refsource": "MISC",
"url": "https://github.com/CreativeDream/php-uploader/issues/23,"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=216",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=216"
},
{
"name": "[oss-security] 20221003 CreativeDream software arbitrary file upload",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/10/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2022-40721",
"datePublished": "2022-10-03T14:53:48.000Z",
"dateReserved": "2022-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:21:46.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8521 (GCVE-0-2020-8521)
Vulnerability from cvelistv5 – Published: 2020-07-07 19:20 – Updated: 2024-08-04 10:03
Summary
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Severity
No CVSS data available.
CWE
- SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=213 | x_refsource_MISC |
| https://www.phpzag.com/live-add-edit-delete-datat… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/07/09/1 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| phpzag | phpzag live add edit delete data tables records with ajax php mysql | Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpzag live add edit delete data tables records with ajax php mysql",
"vendor": "phpzag",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"dateAssigned": "2020-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-09T14:06:19.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2020-05-19",
"ID": "CVE-2020-8521",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpzag live add edit delete data tables records with ajax php mysql",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "phpzag"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2020-8521",
"datePublished": "2020-07-07T19:20:21.000Z",
"dateReserved": "2020-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:45.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8519 (GCVE-0-2020-8519)
Vulnerability from cvelistv5 – Published: 2020-07-07 19:20 – Updated: 2024-08-04 10:03
Summary
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=213 | x_refsource_MISC |
| https://www.phpzag.com/live-add-edit-delete-datat… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/07/09/1 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| phpzag | phpzag live add edit delete data tables records with ajax php mysql | Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpzag live add edit delete data tables records with ajax php mysql",
"vendor": "phpzag",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"dateAssigned": "2020-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-09T14:06:18.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2020-05-19",
"ID": "CVE-2020-8519",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpzag live add edit delete data tables records with ajax php mysql",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "phpzag"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2020-8519",
"datePublished": "2020-07-07T19:20:20.000Z",
"dateReserved": "2020-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:46.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8520 (GCVE-0-2020-8520)
Vulnerability from cvelistv5 – Published: 2020-07-07 19:20 – Updated: 2024-08-04 10:03
Summary
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Severity
No CVSS data available.
CWE
- SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=213 | x_refsource_MISC |
| https://www.phpzag.com/live-add-edit-delete-datat… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/07/09/1 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| phpzag | phpzag live add edit delete data tables records with ajax php mysql | Affected: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpzag live add edit delete data tables records with ajax php mysql",
"vendor": "phpzag",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"dateAssigned": "2020-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-09T14:06:20.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2020-05-19",
"ID": "CVE-2020-8520",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpzag live add edit delete data tables records with ajax php mysql",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "phpzag"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=213",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=213"
},
{
"name": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/",
"refsource": "MISC",
"url": "https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/"
},
{
"name": "[oss-security] 20200709 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/09/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2020-8520",
"datePublished": "2020-07-07T19:20:20.000Z",
"dateReserved": "2020-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:46.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8293 (GCVE-0-2019-8293)
Vulnerability from cvelistv5 – Published: 2019-12-23 21:45 – Updated: 2024-08-04 21:17
Summary
Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.
Severity
No CVSS data available.
CWE
- Arbitrary File Upload
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/12/23/2 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | abcprintf upload-image-with-ajax | Affected: v1.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "abcprintf upload-image-with-ajax",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T00:06:05.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"ID": "CVE-2019-8293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "abcprintf upload-image-with-ajax",
"version": {
"version_data": [
{
"version_value": "v1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c",
"refsource": "MISC",
"url": "https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8293",
"datePublished": "2019-12-23T21:45:08.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:30.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8290 (GCVE-0-2019-8290)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: the registration form's requirements for the member email format can be bypassed by posting directly to sent_register.php, allowing special characters to be included and an XSS payload to be injected.
Severity
No CVSS data available.
CWE
- User input not sanitized in sent_register.php.
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User input not sanitized in sent_register.php.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:02.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8290",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User input not sanitized in sent_register.php."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8290",
"datePublished": "2019-10-01T19:53:28.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:30.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8292 (GCVE-0-2019-8292)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Online Store System v1.0 delete_product.php doesn't check whether a user is authenticated or has administrative rights, allowing arbitrary product deletion.
Severity
No CVSS data available.
CWE
- unauthenticated arbitrary product deletions.
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2019/12/23/1 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2019/12/23/2 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
},
{
"name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthenticated arbitrary product deletions.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-24T00:06:04.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
},
{
"name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8292",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Online Store System v1.0 delete_product.php doesn\u0027t check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthenticated arbitrary product deletions."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
},
{
"name": "[oss-security] 20191223 Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/1"
},
{
"name": "[oss-security] 20191223 Re: Arbitrary file upload vulnerability in upload-image-with-ajax v1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/23/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8292",
"datePublished": "2019-10-01T19:53:28.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:30.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8289 (GCVE-0-2019-8289)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: stored XSS via the adidas_member_email variable in admin/user_view.php.
Severity
No CVSS data available.
CWE
- Online store system v1.0 Stored XSS.
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Online store system v1.0 Stored XSS.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:05.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8289",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Online store system v1.0 Stored XSS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8289",
"datePublished": "2019-10-01T19:53:28.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8288 (GCVE-0-2019-8288)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Vulnerability in Online Store v1.0: stored XSS in user_view.php, where the adidas_member_user variable is not sanitized.
Severity
No CVSS data available.
CWE
- Online store system v1.0 Stored XSS
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Online store system v1.0 Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:03.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8288",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Online store system v1.0 Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8288",
"datePublished": "2019-10-01T19:53:28.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:30.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8291 (GCVE-0-2019-8291)
Vulnerability from cvelistv5 – Published: 2019-10-01 19:53 – Updated: 2024-08-04 21:17
Summary
Online Store System v1.0 delete_file.php doesn't check whether a user has administrative rights, nor does it check for path traversal.
Severity
No CVSS data available.
CWE
- unauthenticated arbitrary file deletions via path traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=210 | x_refsource_MISC |
| https://www.abcprintf.com/view_download.php?id=17 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/02/1 | mailing-list, x_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| abcprintf | Online Store | Affected: unspecified, ≤ 1.0 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Store",
"vendor": "abcprintf",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-09-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthenticated arbitrary file deletions via path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-02T14:06:04.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2019-09-18",
"ID": "CVE-2019-8291",
"REQUESTER": "cve-request@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-09-11T12:11Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Store",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "abcprintf"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Online Store System v1.0 delete_file.php doesn\u0027t check to see if a user has administrative rights nor does it check for path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthenticated arbitrary file deletions via path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=210",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=210"
},
{
"name": "https://www.abcprintf.com/view_download.php?id=17",
"refsource": "MISC",
"url": "https://www.abcprintf.com/view_download.php?id=17"
},
{
"name": "[oss-security] 20191002 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2019-8291",
"datePublished": "2019-10-01T19:53:28.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2516 (GCVE-0-2013-2516)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
Summary
Vulnerability in FileUtils v0.7: Ruby gem FileUtils <= v0.7 has a command injection vulnerability in the user-supplied url variable, which is passed to the shell.
Severity
No CVSS data available.
CWE
- Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=36 | x_refsource_MISC |
| http://rubygems.org/gems/fileutils | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Stefaan Colman | FileUtils | Affected: unspecified, ≤ 0.7 (custom) | |
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:31.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rubygems.org/gems/fileutils"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FileUtils",
"vendor": "Stefaan Colman",
"versions": [
{
"lessThanOrEqual": "0.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2013-02-24T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in FileUtils v0.7, Ruby Gem Fileutils \u003c= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rubygems.org/gems/fileutils"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2013-02-24",
"ID": "CVE-2013-2516",
"REQUESTER": "cve-assign@mtire.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-12T11:31Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FileUtils",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.7"
}
]
}
}
]
},
"vendor_name": "Stefaan Colman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in FileUtils v0.7, Ruby Gem Fileutils \u003c= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=36",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=36"
},
{
"name": "http://rubygems.org/gems/fileutils",
"refsource": "MISC",
"url": "http://rubygems.org/gems/fileutils"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2516",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2013-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:31.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4615 (GCVE-0-2015-4615)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 06:18
Summary
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via the unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML, and mapID variables.
Severity
No CVSS data available.
CWE
- SQL Injection in easy2map-photos wordpress plugin v1.09
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.vapid.dhs.org/advisory.php?v=130 | x_refsource_MISC |
| https://wordpress.org/plugins/easy2map-photos | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Steven Ellis | Easy2map-photos WordPress Plugin |
Affected:
1.09
|
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easy2map-photos WordPress Plugin",
"vendor": "Steven Ellis",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
}
],
"dateAssigned": "2015-06-08T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection in easy2map-photos wordpress plugin v1.09",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2015-06-08",
"ID": "CVE-2015-4615",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy2map-photos WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "1.09",
"version_value": "1.09"
}
]
}
}
]
},
"vendor_name": "Steven Ellis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection in easy2map-photos wordpress plugin v1.09"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=130",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"name": "https://wordpress.org/plugins/easy2map-photos",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy2map-photos"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2015-4615",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2015-06-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5654 (GCVE-0-2013-5654)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 17:15
Summary
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage
Severity
No CVSS data available.
CWE
- Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=94 | x_refsource_MISC |
| http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| YingZhi | YingZhi Python Programming Language |
Affected:
unspecified , ≤ 1.9
(custom)
|
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=94"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "YingZhi Python Programming Language",
"vendor": "YingZhi",
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2014-05-14T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone\u0027s storage"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=94"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2014-05-14",
"ID": "CVE-2013-5654",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "YingZhi Python Programming Language",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "YingZhi"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone\u0027s storage"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in YingZhi Python Programming Language for iOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=94",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=94"
},
{
"name": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744",
"refsource": "MISC",
"url": "http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-5654",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2013-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:15:21.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4617 (GCVE-0-2015-4617)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 06:18
Summary
Vulnerability in Easy2map-photos WordPress Plugin v1.09: MapPinImageUpload.php and MapPinIconSave.php allow path traversal in the supplied file names, so files can be created outside of the upload directory.
Severity
No CVSS data available.
CWE
- Path traversal in easy2map-photos wordpress plugin v1.09
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/easy2map-photos | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=130 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Steven Ellis | Easy2map-photos WordPress Plugin |
Affected:
1.09
|
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=130"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Easy2map-photos WordPress Plugin",
"vendor": "Steven Ellis",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
}
],
"dateAssigned": "2015-06-08T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal in easy2map-photos wordpress plugin v1.09",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/easy2map-photos"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=130"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2015-06-08",
"ID": "CVE-2015-4617",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy2map-photos WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "1.09",
"version_value": "1.09"
}
]
}
}
]
},
"vendor_name": "Steven Ellis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal in easy2map-photos wordpress plugin v1.09"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/easy2map-photos",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy2map-photos"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=130",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=130"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2015-4617",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2015-06-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2565 (GCVE-0-2013-2565)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
Summary
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, and manager.php disclose the root path of the webserver.
Severity
No CVSS data available.
CWE
- Mambo CMS vulnerabilities
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://sourceforge.net/projects/mambo/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=75 | x_refsource_MISC |
Impacted products
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mambo CMS",
"vendor": "Mambo",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2012-01-02T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mambo CMS vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2012-01-02",
"ID": "CVE-2013-2565",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-11T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mambo CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mambo CMS vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/mambo/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/mambo/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=75",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2565",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002009 (GCVE-0-2018-1002009)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. The XSS is in unsubscribe.html.php:3, via a GET request to the email variable.
Severity
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter |
Affected:
unspecified , ≤ 2.5.1.8
(custom)
|
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002009",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002009",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002003 (GCVE-0-2018-1002003)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter |
Affected:
unspecified , ≤ 2.5.1.8
(custom)
|
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002003",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002003",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002007 (GCVE-0-2018-1002007)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. The XSS is in integration-contact-form.html.php:15, via the POST request variable html_id.
Severity
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter |
Affected:
unspecified , ≤ 2.5.1.8
(custom)
|
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002007",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002007",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002008 (GCVE-0-2018-1002008)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
Summary
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. The XSS is in list-user.html.php:4, via the GET request offset variable.
Severity
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter |
Affected:
unspecified , ≤ 2.5.1.8
(custom)
|
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002008",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002008",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002000 (GCVE-0-2018-1002000)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
VLAI
Summary
There is a blind SQL injection vulnerability in the WordPress plugin Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. The exploitable blind SQL injection is via the del_ids variable in a POST request.
Severity
No CVSS data available.
CWE
- Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) | |
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002000",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002000",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002002 (GCVE-0-2018-1002002)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
VLAI
Summary
There is a reflected XSS vulnerability in the WordPress plugin Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity
No CVSS data available.
CWE
- Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) | |
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002002",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002002",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002001 (GCVE-0-2018-1002001)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
VLAI
Summary
There is a reflected XSS vulnerability in the WordPress plugin Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) | |
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002001",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002001",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002005 (GCVE-0-2018-1002005)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
VLAI
Summary
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43, via the filter_signup_date parameter.
Severity
No CVSS data available.
CWE
- Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) | |
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002005",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002005",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002006 (GCVE-0-2018-1002006)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
VLAI
Summary
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14, via the POST request variable classes.
Severity
No CVSS data available.
CWE
- Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) | |
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002006",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002006",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1002004 (GCVE-0-2018-1002004)
Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
VLAI
Summary
There is a reflected XSS vulnerability in the WordPress plugin Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Severity
No CVSS data available.
CWE
- reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45434/ | exploit, x_refsource_EXPLOIT-DB |
| https://wordpress.org/plugins/bft-autoresponder/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kiboko Labs https://calendarscripts.info/ | Arigato Autoresponder and Newsletter | Affected: unspecified, ≤ 2.5.1.8 (custom) | |
Date Public
2018-12-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:56.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arigato Autoresponder and Newsletter",
"vendor": "Kiboko Labs https://calendarscripts.info/",
"versions": [
{
"lessThanOrEqual": "2.5.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-08-22T00:00:00.000Z",
"datePublic": "2018-12-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-04T10:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "45434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002004",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-1002004",
"datePublished": "2018-12-03T16:00:00.000Z",
"dateReserved": "2018-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:56.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9209 (GCVE-0-2018-9209)
Vulnerability from cvelistv5 – Published: 2018-11-19 18:00 – Updated: 2024-08-05 07:17
VLAI
Summary
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
Severity
No CVSS data available.
CWE
- FineUploader php-traditional-server <= v1.2.2 unauthenticated arbitrary file upload vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=208 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FineUploader | FineUploader php-traditional-server | Affected: unspecified, ≤ 1.2.2 (custom) | |
Date Public
2018-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FineUploader php-traditional-server",
"vendor": "FineUploader",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-11-10T00:00:00.000Z",
"datePublic": "2018-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server \u003c= v1.2.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FineUploader php-traditional-server \u003c= v1.2.2 unauthenticated arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-19T17:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=208"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-11-10",
"ID": "CVE-2018-9209",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-11-17T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FineUploader php-traditional-server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "FineUploader"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server \u003c= v1.2.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FineUploader php-traditional-server \u003c= v1.2.2 unauthenticated arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=208",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=208"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9209",
"datePublished": "2018-11-19T18:00:00.000Z",
"dateReserved": "2018-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9207 (GCVE-0-2018-9207)
Vulnerability from cvelistv5 – Published: 2018-11-19 17:00 – Updated: 2024-08-05 07:17
Summary
Arbitrary file upload in jQuery Upload File <= 4.0.2
Severity
No CVSS data available: the record below carries no metrics block, so the vulnerability is unscored, not rated low.
CWE
- No CWE ID assigned; the record gives only a free-text problem type: Arbitrary file upload vulnerability in jQuery Upload File v4.0.2
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=206 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hayageek | jQuery Upload File | Affected: unspecified, ≤ 4.0.2 (custom) | |
Date Public
2018-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jQuery Upload File",
"vendor": "hayageek",
"versions": [
{
"lessThanOrEqual": "4.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-11-02T00:00:00.000Z",
"datePublic": "2018-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload in jQuery Upload File \u003c= 4.0.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-19T16:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-11-02",
"ID": "CVE-2018-9207",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-11-19T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jQuery Upload File",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.0.2"
}
]
}
}
]
},
"vendor_name": "hayageek"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload in jQuery Upload File \u003c= 4.0.2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=206",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9207",
"datePublished": "2018-11-19T17:00:00.000Z",
"dateReserved": "2018-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:52.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9208 (GCVE-0-2018-9208)
Vulnerability from cvelistv5 – Published: 2018-11-05 14:00 – Updated: 2024-08-05 07:17
Summary
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
Severity
No CVSS data available: the record below carries no metrics block, so the vulnerability is unscored, not rated low.
CWE
- No CWE ID assigned; the record gives only a free-text problem type: jQuery Picture Cut <= v1.1Beta unauthenticated arbitrary file upload vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.vapidlabs.com/advisory.php?v=207 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tuyoshi Vinicius | jQuery Picture Cut | Affected: unspecified, ≤ 1.1Beta (custom) | |
Date Public
2018-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jQuery Picture Cut",
"vendor": "Tuyoshi Vinicius",
"versions": [
{
"lessThanOrEqual": "1.1Beta",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-10-09T00:00:00.000Z",
"datePublic": "2018-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut \u003c= v1.1Beta"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "jQuery Picture Cut \u003c= v1.1Beta unauthenticated arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-05T13:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-10-09",
"ID": "CVE-2018-9208",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jQuery Picture Cut",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1Beta"
}
]
}
}
]
},
"vendor_name": "Tuyoshi Vinicius"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut \u003c= v1.1Beta"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "jQuery Picture Cut \u003c= v1.1Beta unauthenticated arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=207",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9208",
"datePublished": "2018-11-05T14:00:00.000Z",
"dateReserved": "2018-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:52.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}