Injection

Injection flaws allow attackers to relay malicious code through an application to another system. These attacks include calls to the operating system via system calls, the use of external programs via shell commands, as well as calls to backend databases via SQL (i.e., SQL injection). Any time an application uses an interpreter of any type there is a danger of introducing an injection vulnerability.

Type of Injection Flaws:

  1. SQL Injection
  2. OS Command Injection
  3. LDAP Injection
  4. XML Injection
  5. Cross Site Scripting / HTML Injection
  6. NoSQL Injection

Reference Source:

  1. https://owasp.org/www-community/Injection_Flaws
  2. https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html

List of Injection Flaws

Status Component Name Version Disclosed By Disclosure Date Access Level CVE-Number
wp-plugin : wp-paytm-pay 1.3.2 Shreya Pohekar 2021/07/23 Administrator CVE-2021-24554
wp-plugin : timeline-calendar 1.2 Shreya Pohekar 2021/07/23 Authenticated CVE-2021-24553
wp-plugin : simple-events-calendar 1.4.0 Shreya Pohekar 2021/07/23 Administrator CVE-2021-24552
wp-plugin : m-vslider 2.1.3 Shreya Pohekar 2021/07/23 Administrator CVE-2021-24557
wp-plugin : embed-youtube-video 1 Syed Sheeraz Ali 2021/07/23 Administrator CVE-2021-24395
wp-plugin : edit-comments 0.3 Shreya Pohekar 2021/07/23 Unauthenticated CVE-2021-24551
wp-plugin : easy-testimonial-manager 1.2.0 Syed Sheeraz Ali 2021/07/23 Administrator CVE-2021-24394
wp-plugin : diary-availability-calendar 1.0.3 Shreya Pohekar 2021/07/23 Subscriber CVE-2021-24555
wp-plugin : comment-highlighter 0.13 Syed Sheeraz Ali 2021/07/23 Administrator CVE-2021-24393
wp-plugin : club-management-software 1 Syed Sheeraz Ali 2021/07/23 Administrator CVE-2021-24392
wp-plugin : cashtomer 1 Syed Sheeraz Ali 2021/07/23 Subscriber CVE-2021-24391
wp-plugin : broken-link-manager 0.6.5 Shreya Pohekar 2021/07/23 Administrator CVE-2021-24550
wp-plugin : alipay 3.7.2 Syed Sheeraz Ali 2021/07/23 Administrator CVE-2021-24390
wp-plugin : handsome-testimonials 2.0.7 Shreya Pohekar 2021/06/29 Subscriber CVE-2021-24492
wp-plugin : xllentech-english-islamic-calendar 2.6.6 Syed Sheeraz Ali 2021/05/27 Administrator CVE-2021-24341
wp-plugin : side-menu 3.1.3 Shreya Pohekar 2021/05/27 Administrator CVE-2021-24348
wp-plugin : sendit 2.5.1 Shreya Pohekar 2021/05/27 Administrator CVE-2021-24345
wp-plugin : video-embed-box 1 Syed Sheeraz Ali 2021/05/19 Subscriber CVE-2021-24337
wp-plugin : flightlog 3.0.2 Shreya Pohekar 2021/05/19 Editor CVE-2021-24336
wp-plugin : cars-seller-auto-classifieds-script 2.1.0 Shreya Pohekar 2021/04/26 Unauthenticated CVE-2021-24285
wp-plugin : enl-newsletter 1.0.1 Anantshri 2014/05/28 Administrator CVE-2014-4939
wp-plugin : ultimate-product-catalogue Anantshri 2014/05/28 Administrator Not Assigned
wp-plugin : simple-retail-menus 4.0.1 Anantshri 2014/05/28 Editor Not Assigned
wp-plugin : hdw-player-video-player-video-gallery 2.4.2 Anantshri 2014/05/28 Administrator Not Assigned
wp-plugin : all-video-gallery 1.2 Anantshri 2014/05/28 Administrator Not Assigned
wp-plugin : wp-rss-poster 1.0.0 Anantshri 2014/05/28 Unauthenticated CVE-2014-4938
wp-plugin : yawpp 1.2 Anantshri 2014/05/28 Contributor Not Assigned
wp-plugin : stripshow 2.5.2 Anantshri 2014/05/28 Administrator Not Assigned
wp-plugin : quartz 1.01.1 Anantshri 2014/05/28 Contributor Not Assigned