Tag
#sql
Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.
Anuranan SBAdmin version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.
Inout Search Engine AI Edition version 1.1 suffers from a cross site scripting vulnerability.
Vacation Rental version 1.8 suffers from a cross site scripting vulnerability.
Strawberry version 1.1.9 suffers from a cross site scripting vulnerability.
phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.
ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.
Alumni Club Management Tools version 2.2.7 suffers from file upload and remote SQL injection vulnerabilities.
The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.