CVE-2024-4145

LOW Year: 2024
CVSS v3 Score
3.8
Low
Weakness Type
CWE-89
View all →

Vulnerability Description

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).

Related Vulnerabilities

CVE-2020-26623

LOW
CVSS:3.8(Low)

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the log...

CWE-892020

CVE-2020-26624

LOW
CVSS:3.8(Low)

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.

CWE-892020

CVE-2020-26625

LOW
CVSS:3.8(Low)

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.

CWE-892020

CVE-2023-42235

LOW
CVSS:3.8(Low)

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.

CWE-892023

CVE-2023-42236

LOW
CVSS:3.8(Low)

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.

CWE-892023

CVE-2023-42237

LOW
CVSS:3.8(Low)

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.

CWE-892023