Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-16 | CVE-2024-57770 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. | 8.8 |
| 2025-01-16 | CVE-2024-57775 | SQL Injection vulnerability in Jfinaloa Project Jfinaloa JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. | 8.8 |
| 2025-01-16 | CVE-2024-57160 | Cross-Site Request Forgery (CSRF) vulnerability in 07Fly Customer Relationship Management 1.3.9 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html. | 4.3 |
| 2025-01-16 | CVE-2024-57161 | Cross-Site Request Forgery (CSRF) vulnerability in 07Fly Customer Relationship Management 1.3.9 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html | 4.3 |
| 2025-01-16 | CVE-2024-57162 | SQL Injection vulnerability in Campcodes Cybercafe Management System 1.0 Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php. | 7.2 |
| 2025-01-16 | CVE-2018-25108 | An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. | 7.5 |
| 2025-01-16 | CVE-2024-12427 | Missing Authorization vulnerability in Mondula Multi Step Form The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. | 5.3 |
| 2025-01-16 | CVE-2024-12613 | SQL Injection vulnerability in Hirewebxperts Passwords Manager The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-16 | CVE-2024-12614 | Missing Authorization vulnerability in Hirewebxperts Passwords Manager The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. | 4.3 |
| 2025-01-16 | CVE-2024-12615 | SQL Injection vulnerability in Hirewebxperts Passwords Manager The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |