CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 2

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.

• https://www.exploit-db.com/exploits/5194
• http://secunia.com/advisories/29099
• http://securityreason.com/securityalert/3706
• http://www.securityfocus.com/archive/1/488734/100/0/threaded
• http://www.securityfocus.com/bid/27985
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40831
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.

• https://www.exploit-db.com/exploits/5135
• http://me.mywebsight.ws/web/wppa
• http://secunia.com/advisories/28988
• http://securityreason.com/securityalert/3693
• http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities
• http://www.securityfocus.com/archive/1/488290
• http://www.securityfocus.com/bid/27832
• http://www.vupen.com/english/advisories/2008/0586
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40599
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 2

PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.

• https://www.exploit-db.com/exploits/5194
• http://secunia.com/advisories/29099
• http://securityreason.com/securityalert/3706
• http://www.securityfocus.com/archive/1/488734/100/0/threaded
• http://www.securityfocus.com/bid/27985
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40829
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.

SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 3.4.1 and below for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.

• https://www.exploit-db.com/exploits/31230
• http://securityreason.com/securityalert/3672
• http://www.securityfocus.com/archive/1/488282/100/0/threaded
• http://www.securityfocus.com/bid/27858
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40860
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 4

SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for WordPress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.

• https://www.exploit-db.com/exploits/31227
• http://osvdb.org/52210
• http://www.securityfocus.com/archive/1/488279
• http://www.securityfocus.com/bid/27854
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41578
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')