CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24132 – Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24132
The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks. El plugin Slider para 10Web WordPress, versiones anteriores a 1.2.36, en las funcionalidades bulk_action, export_full y save_slider_db del plugin, eran vulnerables, permitiendo a un usuario muy privilegiado (Admin), o uno medio como Colaborador+ (si "Role Options" se activa para otros usuarios) para llevar a cabo ataques de inyección SQL • https://wpscan.com/vulnerability/c1f45000-6c16-4606-be80-1938a755af2c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000121 – Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000121
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Vulnerabilidad de XSS y vulnerabilidad de inyección SQL en la extensión Huge IT Joomla Slider v1.0.9 Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/slider http://www.securityfocus.com/bid/92160 http://www.vapidlabs.com/advisory.php?v=168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000122 – Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000122
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Vulnerabilidad de XSS y vulnerabilidad de inyección SQLi en la extensión Huge IT Joomla Slider v1.0.9 Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/slider http://www.securityfocus.com/bid/92160 http://www.vapidlabs.com/advisory.php?v=168 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •