CVE-2022-0841 OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
This issue was discovered by Peter Teven. This is an XSS issue. You can inject arbitrary HTML code in the repository listing via lockfile. This
CVE-2022-0411 The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route, leading to a SQL injection.
when accessing the “Settings” page via a REST route of the plugin. The attacker can exploit this to execute arbitrary SQL commands and obtain access
CVE-2022-25149 - How Hackers Exploit WP Statistics with SQL Injection – A Deep Dive
WordPress is the backbone for millions of websites, but its popularity also means it's a big target for hackers. In this long read,
CVE-2022-24707 Anuko Time Tracker is a PHP time tracking application with SQL injection and blind injection vulnerabilities. Versions prior to 1.20.0.5642 are vulnerable.
Anuko Time Tracker has a feature where users can punch information. One of the features of this is that users can create PDF files of
CVE-2022-24407 An earlier version of SASL didn't escape the password for a SQL INSERT or UPDATE statement.
This could lead to a remote attacker being able to run arbitrary SQL commands. This issue was resolved by updating plugin code to escape the