31 matches found
CVE-2016-10956
The mail-masta plugin 1.0 for WordPress has local file inclusion in countofsend.php and csvexport.php...
EUVD-2017-15626
Malware in sbrugna...
EUVD-2017-15633
Malware in sbrugna...
EUVD-2017-15162
Malware in sbrugna...
CVE-2016-10956
The mail-masta plugin 1.0 for WordPress has local file inclusion in countofsend.php and csvexport.php...
CVE-2016-10956
CVE-2016-10956 affects WordPress Mail Masta 1.0, with local file inclusion in count_of_send.php and csvexport.php. The Nuclei template and other sources confirm unauthenticated LFI (example PoC). Impact per sources: attacker can read server files, potentially leading to information disclosure. CV...
WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02634)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Mail Masta aka mail-masta is one of the email plug-ins. WordPress Mail Masta plugin version 1.0 in...
WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02632)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Mail Masta aka mail-masta is one of the email plug-ins. WordPress Mail Masta plugin version 1.0 in...
WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02638)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.Mail Masta aka mail-masta is one of the email plug-ins. WordPress Mail Masta plugin version 1.0 in...
Sql injection
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/subscriberlist.php with the POST Parameter: subscriberemail...
CVE-2017-6576
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id...
CVE-2017-6578
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/subscriberlist.php with the POST Parameter: subscriberemail...
CVE-2017-6573
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id...
CVE-2017-6575
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: memberid...
CVE-2017-6575
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: memberid...
CVE-2017-6573
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id...
CVE-2017-6570
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id...
CVE-2017-6578
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/subscriberlist.php with the POST Parameter: subscriberemail...
CVE-2017-6572
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/addmember.php with the GET Parameter: filterlist...
CVE-2017-6575
The CVE-2017-6575 entry maps to a concrete SQL injection vulnerability in the WordPress Mail Masta (aka mail-masta) plugin v1.0. The flaw exists in the file ./inc/lists/edit_member.php and is triggered via the GET parameter member_id, allowing an attacker with WordPress admin access to inject arb...