125 matches found
CVE-2024-25932 WordPress Change Table Prefix plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.This issue affects Change Table Prefix: from n/a through = 2.0...
PT-2024-21226 · Unknown · Change Table Prefix
Name of the Vulnerable Software and Affected Versions: Change Table Prefix versions through 2.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the...
Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form
Description The Change Table Prefix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'changeprefixform' function. This makes it possible for unauthenticated attackers to toggle...
WordPress Change Table Prefix Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Change Table Prefix Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-25932 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3132be596954 Credits Nguyen Xuan Chien...
SUSE CVE-2013-3238
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a pregreplace function call within the "Replace table prefix" feature...
SUSE CVE-2015-9230
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter...
Exploit for SQL Injection in Prestashop Blockwishlist
CVE-2022-31101 Exploit for PrestaShop bockwishlist module 2.1...
PT-2022-13251 · WordPress · Flo-Launch
Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...
PT-2021-10201 · Gnuboard5 · Gnuboard5
Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.2.8 Description: The issue is related to a SQL Injection vulnerability. It can be exploited via the table prefix parameter in the install db.php file. Recommendations: For versions prior to 5.3.2.8, update to a...
GNUBOARD5 SQL注入漏洞
GNUBOARD5 is a Web forum system based on PHP and MySQL. A SQL injection vulnerability exists in GNUBOARD5 5.3.2.8 and earlier versions. The vulnerability can be exploited to conduct SQL injection attacks via the tableprefix parameter in installdb.php...
Arbitrary Code Execution Vulnerability in GolemCMS
GolemCMS is a PHP-based content management system CMS. An arbitrary code execution vulnerability exists in GolemCMS version 2008-12-24 and earlier. A remote attacker can execute arbitrary PHP code or obtain sensitive information by sending a direct request to the 'Table prefix' form field in...
CVE-2018-14579
GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for...
WordPress BulletProof Security Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on PHP and MySQL servers.BulletProof Security is one of the security plug-ins against brute-force cracking. A cross-site scripting vulnerability exists in the...
dz7. 2 faq. php vulnerability storm table prefix-vulnerability warning-the black bar safety net
action=grouppermission&gids9 9='&gids1 0 00= andselect 1 fromselect count,concatselect select SELECT distinct concathextablename FROM informationschema. the tables where tableschema=database limit 0,1 from informationschema. tables limit 0,1,floorrand02x from informationschema. tables group by xa...
LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit
No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...
exV2 <= 2.0.4.3 - (sort) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' ------------------------------------------------------------------------------- exV2 = 2.0.4.3 sort SQL injection / administrative credentials disclosure exploit mail: [email protected] site:...
WP Comment Remix 1.4.3 - Remote SQL Injection Exploit
No description provided by source. ?php / WP Comment Remix 1.4.3 SQL Injection Proof of Concept By g30rg3x g30rg3xatchxsecuritydotorg Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a...
ibProArcade <= 3.3.0 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl ibProArcade = v3.3.0 sql injection exploit coded by 1dt.w0lf RST/GHC THIS IS UNPUBLISHED RST/GHC EXPLOIT CODE KEEP IT PRIVATE use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; BEGIN if$^O eq 'MSWin32' require Win32::Console;...
YAP 1.1.1 - Blind SQL Injection/SQL Injection Vulnerabilities
No description provided by source. + YAP 1.1.1 Blind SQL Injection/SQL Injection + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Blind SQL Injection The default prefix for database tables is yap .But can be changed at installation. PoC : http://127.0.0.1/path/comments.php?imageid...
X7 Chat <= 2.0.4 (old_prefix) Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo X7 Chat =2.0.4 'oldprefix' blind SQL injection / privilege escalation exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \Powered By X7 Chat\r\n\r\n; if $argc3...