19 matches found
EUVD-2017-1624
Malware in sbrugna...
EUVD-2017-1625
Malware in sbrugna...
CVE-2017-1002009
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function...
CVE-2017-1002010
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the deletemedia function...
WordPress Membership Simplified SQL Injection Vulnerability
WordPress Membership Simplified is a WordPress-specific membership plugin developed by American software developer William. A SQL injection vulnerability exists in the code of the membership-simplified-for-oap-members-only/updateDB.php file in WordPress Membership Simplified version 1.58, which...
WordPress Membership Simplified SQL Injection Vulnerability (CNVD-2017-33667)
WordPress Membership Simplified is a WordPress-specific membership plugin developed by American software developer William. A SQL injection vulnerability exists in the code of the membership-simplified-for-oap-members-only/updateDB.php file in WordPress Membership Simplified version 1.58, which...
CVE-2017-1002009
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function...
CVE-2017-1002010
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the deletemedia function...
CVE-2017-1002009
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function...
CVE-2017-1002010
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the deletemedia function...
CVE-2017-1002009
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function...
CVE-2017-1002010
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the deletemedia function...
CVE-2017-1002010
CVE-2017-1002010 affects the WordPress plugin Membership Simplified (v1.58). The issue is a blind SQL injection in the file membership-simplified-for-oap-members-only/updateDB.php, caused by insufficient sanitization of the input parameter recordId used in delete_media. Public metrics show a high...
CVE-2017-1002009
CVE-2017-1002009 affects the WordPress plugin Membership Simplified v1.58. The vulnerability is in membership-simplified-for-oap-members-only/updateDB.php where unsanitized input via the recordId parameter in the delete function enables blind SQL injection. Impact details are stated as high/sever...
CVE-2017-1002008
CVE-2017-1002008 affects the WordPress plugin membership-simplified-for-oap-members-only v1.58. The vulnerability is in the file download.php, which does not verify that a user is logged in or has download privileges, enabling an attacker to obtain arbitrary files. Public writeups and advisories ...
Wordpress Plugin Membership Simplified 1.58 - arbitrary File Download
Vulnerability title: Wordpress Plugin Membership Simplified 1.58 - arbitrary File Download Vulnerability type: arbitrary File Download Vulnerability impact: Membership Simplified 1.58 Vulnerabilities exist in the url: /wp-content/plugins/membership-simplified-for-oap-members-only/download.php...
WordPress Membership Simplified 1.58 Arbitrary File Download
Title: Arbitrary file download vulnerability in Wordpress Plugin Membership Simplified v1.58 Author: Larry W. Cashdollar, @larry0 Date: 2017-03-13 CVE-ID:CVE-2017-1002008 Download Site: https://wordpress.org/plugins/membership-simplified-for-oap-members-only Vendor:...
Wordpress Membership Simplified v1.58 Plugin - Arbitrary File Download Exploit
Exploit for php platform in category web applications import requests import string import random from urlparse import urlparse print "---------------------------------------------------------------------" print "Wordpress Plugin Membership Simplified v1.58 - Arbitrary File Download\nDiscovery:...
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Vulnerability
Arbitrary file download vulnerability found in WordPress Plugin Membership Simplified version 1.58. The plugin doesn't check whether the user is logged in or, if logged in, whether the user has file download privileges. Solution: We were unable to find a patched version of this plugin. Also, this plugin remove...