774 matches found
Wordpress Plugin Database Backup SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. The WordPress Database Backup plugin has a SQL injecti...
CVE-2022-0633
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...
WordPress Database Backup for WordPress plugin <= 2.5 - SQL Injection (SQL) vulnerability
SQL Injection (SQL) vulnerability discovered by JrXnm in WordPress Database Backup for WordPress plugin versions <= 2.5. Solution: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.1)...
Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection
The plugin does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue https://example.com/wp-admin/?fragment=select%20updatexml1,concat0x7e,select%20user,0::2.txt&wpnonce=7347278aca The nonce can be...
WordPress BulletProof Security 5.1 Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
Description: CSRF bug to create a backup. Proof of Concept: The request below is vulnerable to a CSRF bug which allows creating a database backup: GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...
Design/Logic Flaw
When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files...
IBOS Command Injection Vulnerability (CNVD-2021-46548)
IBOS is a collaborative office management system. A command injection vulnerability exists in IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. No detailed vulnerability details are available at this time...
IBOS Command Injection Vulnerability
IBOS is a collaborative office management system. A command injection vulnerability exists in ibos IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. An attacker can exploit this vulnerability to gain server control privileges...
CVE-2020-21785
In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...
Command injection
In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...
CVE-2020-21785
CVE-2020-21785 affects IBOS 4.5.4 Open, with a Command Injection vulnerability in the database backup component. The available connected records consistently describe the issue as a vulnerability in the backup process, but do not provide concrete exploit details, affected subcomponents beyond “da...
CVE-2020-21785
In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...
IBOS Command Injection Vulnerability
IBOS is a collaborative office management system. A command injection vulnerability exists in IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. No detailed vulnerability details are available at this time...
IBOS Code Issue Vulnerability
IBOS is a collaborative office management system. A command injection vulnerability exists in ibos IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. An attacker can exploit this vulnerability to gain server control privileges...
CVE-2021-24322
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...
Cross site scripting
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...
CVE-2021-24322
The CVE-2021-24322 entry concerns the WordPress Database Backup plugin prior to version 2.4. The vulnerability is a Stored XSS caused by not escaping the backup_recipient POST parameter before echoing it into an HTML attribute, enabling an attacker to inject malicious payloads. Affected product: ...