Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
Contributor PHP Object Injection in Avada <= 3.15.3 versions.
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.