CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125101 – Portfolio Gallery Plugin sql injection
https://notcve.org/view.php?id=CVE-2014-125101
A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. • https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3 https://vuldb.com/?ctiid.230085 https://vuldb.com/?id.230085 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000120
https://notcve.org/view.php?id=CVE-2016-1000120
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla Vulnerabilidad de inyección SQLi y vulnerabilidad de XSS en la extensión de catálogo Huge IT v1.0.4 para Joomla • http://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/catalog http://www.securityfocus.com/bid/92185 http://www.vapidlabs.com/advisory.php?v=167 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000116
https://notcve.org/view.php?id=CVE-2016-1000116
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS Inyección SQL y XSS en el gestor Huge-IT Portfolio Gallery v1.1.0 • http://huge-it.com/joomla-portfolio-gallery http://www.securityfocus.com/bid/93821 http://www.vapidlabs.com/advisory.php?v=165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000117
https://notcve.org/view.php?id=CVE-2016-1000117
XSS & SQLi in HugeIT slideshow v1.0.4 XSS y SQLi en diapositivas HugeIT v1.0.4 • http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow http://www.securityfocus.com/bid/93822 http://www.vapidlabs.com/advisory.php?v=166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000115
https://notcve.org/view.php?id=CVE-2016-1000115
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS Inyección SQL y XSS en el gestor Huge-IT Portfolio Gallery v1.1.0 • http://huge-it.com/joomla-portfolio-gallery http://www.securityfocus.com/bid/93821 http://www.vapidlabs.com/advisory.php?v=165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •