CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9834 – WatuPRO < 5.5.3.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-9834
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. Una vulnerabilidad de inyección SQL en el plugin WatuPRO en versiones anteriores a la 5.5.3.7 para WordPress permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro watupro_questions en una acción watupro_submit para wp-admin/admin-ajax.php. • https://www.exploit-db.com/exploits/42291 https://wpvulndb.com/vulnerabilities/8897 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2670
https://notcve.org/view.php?id=CVE-2006-2670
Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. • http://secunia.com/advisories/20290 http://securityreason.com/securityalert/989 http://www.securityfocus.com/archive/1/435006/100/0/threaded http://www.vupen.com/english/advisories/2006/1986 https://exchange.xforce.ibmcloud.com/vulnerabilities/26682 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2671
https://notcve.org/view.php?id=CVE-2006-2671
SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. • http://secunia.com/advisories/20290 http://securityreason.com/securityalert/989 http://www.securityfocus.com/archive/1/435006/100/0/threaded http://www.vupen.com/english/advisories/2006/1986 •