CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2038 – Campcodes Video Sharing Website admin_class.php sql injection
https://notcve.org/view.php?id=CVE-2023-2038
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin_class.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. • https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%202.pdf https://vuldb.com/?ctiid.225916 https://vuldb.com/?id.225916 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2037 – Campcodes Video Sharing Website watch.php sql injection
https://notcve.org/view.php?id=CVE-2023-2037
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been classified as critical. This affects an unknown part of the file watch.php. The manipulation of the argument code leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%201.pdf https://vuldb.com/?ctiid.225915 https://vuldb.com/?id.225915 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2036 – Campcodes Video Sharing Website upload.php sql injection
https://notcve.org/view.php?id=CVE-2023-2036
A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%204.pdf https://vuldb.com/?ctiid.225914 https://vuldb.com/?id.225914 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2035 – Campcodes Video Sharing Website signup.php sql injection
https://notcve.org/view.php?id=CVE-2023-2035
A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%203.pdf https://vuldb.com/?ctiid.225913 https://vuldb.com/?id.225913 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0418 – Video Central for WordPress <= 1.3.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0418
The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The Video Central plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/821751bb-feaf-45b8-91a9-e173cb0c05fc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •