Injection

Injection flaws allow attackers to relay malicious code through an application to another system. These attacks include calls to the operating system via system calls, the use of external programs via shell commands, as well as calls to backend databases via SQL (i.e., SQL injection). Any time an application uses an interpreter of any type there is a danger of introducing an injection vulnerability.

Types of Injection Flaws:

  1. SQL Injection
  2. OS Command Injection
  3. LDAP Injection
  4. XML Injection
  5. Cross Site Scripting / HTML Injection
  6. NoSQL Injection

Reference Source:

  1. https://owasp.org/www-community/Injection_Flaws
  2. https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html

List of Injection Flaws

| Status | Component Name | Version | Disclosed By | Disclosure Date | Access Level | CVE-Number |
|---|---|---|---|---|---|---|
| | wp-plugin : enl-newsletter | 1.0.1 | Anantshri | 2014/05/28 | Administrator | CVE-2014-4939 |
| | wp-plugin : ultimate-product-catalogue | | Anantshri | 2014/05/28 | Administrator | Not Assigned |
| | wp-plugin : simple-retail-menus | 4.0.1 | Anantshri | 2014/05/28 | Editor | Not Assigned |
| | wp-plugin : hdw-player-video-player-video-gallery | 2.4.2 | Anantshri | 2014/05/28 | Administrator | Not Assigned |
| | wp-plugin : all-video-gallery | 1.2 | Anantshri | 2014/05/28 | Administrator | Not Assigned |
| | wp-plugin : wp-rss-poster | 1.0.0 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4938 |
| | wp-plugin : yawpp | 1.2 | Anantshri | 2014/05/28 | Contributor | Not Assigned |
| | wp-plugin : stripshow | 2.5.2 | Anantshri | 2014/05/28 | Administrator | Not Assigned |
| | wp-plugin : quartz | 1.01.1 | Anantshri | 2014/05/28 | Contributor | Not Assigned |