HackerOne Disclosed Reports - 2025-03-05


Critical
resolved

SQLi | in URL paths


Bug reported by mmakingdom was disclosed on March 6, 2025, at 11:54 am | SQL Injection

A SQL Injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a single quote to the customerId parameter, which resulted in an error message indicating that the application was vulnerable to SQL injection attacks. Tools such as SQLmap were used to confirm the vulnerability and gain access to the database.


Medium
resolved

CVE-2023-5561 on Payapps.com


Bug reported by ??? ℜ???? ??? was disclosed on March 5, 2025, at 5:35 pm | Information Disclosure

A vulnerability was identified at the WordPress site on payapps.com. This vulnerability allowed unauthenticated attackers to discern the email addresses of users who have published public posts. The vulnerability has been fixed.

