Lucene search
PRIOn knowledge basePRION:CVE-2022-1609HistoryJan 16, 2024 - 4:15 p.m.
Code injection
2024-01-1616:15:00
PRIOn knowledge base
www.prio-n.com
6
code injection
wordpress plugin
backdoor
unauthenticated attacker
rest api
arbitrary php code
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it’s license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| school_management | lt | 9.9.7 |
Related
githubexploit
githubexploit
Exploit for CVE-2022-1609
2022-06-03 02:49:49
Exploit for Code Injection in Weblizar School Management
2022-06-09 14:36:55
Exploit for CVE-2022-1609
2022-06-08 11:28:08
cvelist
cvelist
cve
cve
CVE-2022-1609
2024-01-16 16:15:09
wpvulndb
wpvulndb
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
attackerkb
attackerkb
CVE-2022-1609
2024-01-16 00:00:00
nvd
nvd
CVE-2022-1609
2024-01-16 16:15:09
patchstack
patchstack
thn
thn
Researchers Find Backdoor in School Management Plugin for WordPress
2022-05-21 05:11:00
saint
saint
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
nuclei
nuclei
The School Management < 9.9.7 - Remote Code Execution
2022-05-26 06:25:43
wpexploit
wpexploit
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00