CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

Huge IT Joomla Slider extension version 1.0.9 suffers from cross-site scripting and remote SQL injection vulnerabilities.

• http://extensions.joomla.org/extensions/extension/photos-a-images/slider
• http://www.securityfocus.com/bid/92160
• http://www.vapidlabs.com/advisory.php?v=168
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

Huge IT Joomla Slider extension version 1.0.9 suffers from cross-site scripting and remote SQL injection vulnerabilities.

• http://extensions.joomla.org/extensions/extension/photos-a-images/slider
• http://www.securityfocus.com/bid/92160
• http://www.vapidlabs.com/advisory.php?v=168
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 2% • CPEs: 2 • EXPL: 2

Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.

The Responsive Slider – Image Slider – Slideshow for WordPress plugin for WordPress is vulnerable to multiple SQL Injection attacks via the ‘removeslide’ parameter in versions before 2.7.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for administrator-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

WordPress Huge IT Slider plugin version 2.6.8 suffers from multiple remote SQL injection vulnerabilities.

• http://packetstormsecurity.com/files/130796/WordPress-Huge-IT-Slider-2.6.8-SQL-Injection.html
• http://www.securityfocus.com/archive/1/archive/1/534852/100/0/threaded
• https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection
• https://www.htbridge.com/advisory/HTB23250
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')