2 matches found
Game Server Status <= 1.0 - Admin+ SQL Injection
The plugin does not validate or escape the serverid parameter before using it in SQL statement, leading to an Authenticated SQL Injection in an admin page PoC sqlmap -u "https://example.com/wp-admin/admin.php?page=grohsfabian-add-game-serversid=1" -p serverid --dbms mysql --cookie your cookie...
WordPress Server Status by Hostname/IP plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Server Status by Hostname/IP plugin is used in one of the server monitoring plugin. A SQL injection vulnerability exists in version 4.6...