A person could exploit this vulnerability to execute arbitrary SQL commands with system privileges or cause a denial of service. We assume no risk of exploitation, and do not recommend installing this extension unless you understand the risks and make your own determination.
3. OpenCms (Web Content Management)
OpenCms is a web content management system that is used by large enterprises and government agencies. The extension was found to have a SQL Injection vulnerability via the login parameter at /_system/login/index.php.
A person could exploit this vulnerability to obtain, or possibly gain access to, sensitive information. We assume no risk of exploitation, and do not recommend installing this extension unless you understand the risks and make your own determination.
4. Download Status
Download Status is an extension that displays the download progress of a media file on a website. It is usually included on websites such as forums and image boards. The extension was discovered to have a SQL Injection vulnerability via the cat parameter at /downloads/download_status.php.
A person could exploit this vulnerability to obtain, or possibly gain access to, sensitive information. We assume no risk of exploitation, and do not recommend installing this extension unless you understand the risks and make your own determination.
5. Email Tracker
Email Tracker is an extension that allows the user to view email history, send email, and get notifications. The extension was found to have a SQL Injection vulnerability via the index parameter at /emailtracker/index.php.
A person could exploit this vulnerability to obtain, or possibly gain access to, sensitive information. We assume no risk of exploitation, and do not recommend installing this extension unless you understand the risks and make your own determination.
How to check if your website is vulnerable?
The following SQL injection vulnerability was found by the researchers:
A person could exploit this vulnerability to have access to the server and modify any account.
We assume no risk of exploitation, and do not recommend installing this extension unless you understand the risks and make your own determination.
6. Elementor Premium
Elementor is a website builder that supports WordPress, Drupal, Joomla, Magento, or OpenCart. The extension was found to have a SQL Injection vulnerability via the cat parameter at /elementor/index.php or /resource-manage/index.php.
Timeline
Published on: 09/27/2022 23:15:00 UTC
Last modified on: 09/28/2022 22:45:00 UTC