
774 matches found

CNNVD
added 2022/02/21 12:0 a.m. | 5 views

WordPress Plugin Database Backup SQL Injection Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugins are open-source application plugins for WordPress. The WordPress Database Backup plugin has a SQL injecti...

7.2 CVSS | 6.2 AI score | 0.01265 EPSS
Exploits 2 | References 2

ATTACKERKB
added 2022/02/17 7:15 p.m. | 5 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

6.5 CVSS | 6.8 AI score | 0.01979 EPSS
Exploits 3 | References 5 | Affected Software 2

Patchstack
added 2022/01/24 12:0 a.m. | 19 views

WordPress Database Backup for WordPress plugin <= 2.5 - SQL Injection (SQL) vulnerability

SQL Injection (SQL) vulnerability discovered by JrXnm in WordPress Database Backup for WordPress plugin (versions <= 2.5). Solution: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.1)...

7.2 CVSS | 2.6 AI score | 0.01265 EPSS
Exploits 2 | References 3 | Affected Software 1

wpexploit
added 2022/01/24 12:0 a.m. | 112 views

Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection

The plugin does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue https://example.com/wp-admin/?fragment=select%20updatexml1,concat0x7e,select%20user,0::2.txt&wpnonce=7347278aca The nonce can be...

7.2 CVSS | 0.7 AI score | 0.01265 EPSS
Exploits 2

Packet Storm
added 2021/10/06 12:0 a.m. | 266 views

WordPress BulletProof Security 5.1 Information Disclosure

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...

5 CVSS | 5.7 AI score | 0.7233 EPSS
Exploits 7

Exploit DB
added 2021/10/06 12:0 a.m. | 300 views

Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...

5.3 CVSS | 5.7 AI score | 0.7233 EPSS
Exploits 7

Cvelist
added 2021/09/17 10:26 a.m. | 50 views

CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3 CVSS | 5.3 AI score | 0.7233 EPSS
Exploits 7 | References 5

Huntr
added 2021/08/04 7:32 a.m. | 9 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

✍️ Description CSRF bug to create a backup 🕵️‍♂️ Proof of Concept Below request is vulnerable to a CSRF bug which allows creating a database backup GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...

0.2 AI score
Exploits 0

Prion
added 2021/07/30 2:15 p.m. | 20 views

Design/Logic Flaw

When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files...

5 CVSS | 7.5 AI score | 0.05973 EPSS
Exploits 1 | References 1 | Affected Software 1

CNVD
added 2021/06/25 12:0 a.m. | 6 views

IBOS Command Injection Vulnerability (CNVD-2021-46548)

IBOS is a collaborative office management system. A command injection vulnerability exists in IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. No detailed vulnerability details are available at this time...

8.8 CVSS | 7.3 AI score | 0.02726 EPSS
Exploits 1

CNVD
added 2021/06/25 12:0 a.m. | 7 views

IBOS Command Injection Vulnerability

IBOS is a collaborative office management system. A command injection vulnerability exists in IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. An attacker can exploit this vulnerability to gain server control privileges...

9.8 CVSS | 7.4 AI score | 0.01118 EPSS
Exploits 1

NVD
added 2021/06/24 4:15 p.m. | 15 views

CVE-2020-21785

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...

8.8 CVSS | 0.02726 EPSS
Exploits 1 | References 1

Prion
added 2021/06/24 4:15 p.m. | 13 views

Command injection

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...

6.5 CVSS | 9 AI score | 0.02726 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2021/06/24 3:24 p.m. | 38 views

CVE-2020-21785

CVE-2020-21785 affects IBOS 4.5.4 Open, with a Command Injection vulnerability in the database backup component. The available connected records consistently describe the issue as a vulnerability in the backup process, but do not provide concrete exploit details, affected subcomponents beyond “da...

8.8 CVSS | 8.9 AI score | 0.02726 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/06/24 3:24 p.m. | 12 views

CVE-2020-21785

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...

9 AI score | 0.02726 EPSS
Exploits 1 | References 1

CNNVD
added 2021/06/24 12:0 a.m. | 3 views

IBOS Command Injection Vulnerability

IBOS is a collaborative office management system. A command injection vulnerability exists in IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. No detailed vulnerability details are available at this time...

8.8 CVSS | 5.6 AI score | 0.02726 EPSS
Exploits 1 | References 1

CNNVD
added 2021/06/24 12:0 a.m. | 3 views

IBOS Code Issue Vulnerability

IBOS is a collaborative office management system. A command injection vulnerability exists in IBOS, which stems from a command injection vulnerability in database backup in IBOS 4.5.4 Open version. An attacker can exploit this vulnerability to gain server control privileges...

9.8 CVSS | 5.7 AI score | 0.01118 EPSS
Exploits 1 | References 1

OSV
added 2021/06/01 2:15 p.m. | 2 views

CVE-2021-24322

The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...

5.4 CVSS | 5.8 AI score | 0.00703 EPSS
Exploits 2 | References 2

Prion
added 2021/06/01 2:15 p.m. | 13 views

Cross site scripting

The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...

3.5 CVSS | 5.3 AI score | 0.00703 EPSS
Exploits 2 | References 2 | Affected Software 1

CVE
added 2021/06/01 11:33 a.m. | 52 views

CVE-2021-24322

The CVE-2021-24322 entry concerns the WordPress Database Backup plugin prior to version 2.4. The vulnerability is a Stored XSS caused by not escaping the backup_recipient POST parameter before echoing it into an HTML attribute, enabling an attacker to inject malicious payloads. Affected product: ...

5.4 CVSS | 5.3 AI score | 0.00703 EPSS
Exploits 2 | References 2 | Affected Software 1