8 matches found
CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
EUVD-2016-10884
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072
CVE-2016-20072 affects the BBS e-Franchise 1.1.1 WordPress plugin. The vulnerability is an SQL injection in the uid parameter used by the plugin’s shortcode, enabling unauthenticated attackers to craft requests (Union-based SQLi) to extract sensitive data (e.g., user information, taxonomy terms)....
PT-2026-49210
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
BBS e-Franchise 1.1.1 - Unauthenticated SQL Injection
$GET‘uid’ is not escaped, the URL is accessible for any user. You will have find a post or page that uses the plugin's shortcode. PoC...
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection Exploit Title: BBS e-Franchise 1.1.1 Plugin of WordPress – Sql Injection Date: 12/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/bbs-e-franchise/ Software Link: https://wordpress.org/plugins/bbs-e-franchise...
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
Exploit Title: BBS e-Franchise 1.1.1 Plugin of WordPress – Sql Injection Date: 12/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/bbs-e-franchise/ Software Link: https://wordpress.org/plugins/bbs-e-franchise/ Contact: http://twitter.com/lenonleite Website:...
BBS e-Franchise 1.1.1 - Unauthenticated SQL Injection
$GET‘uid’ is not escaped, the URL is accessible for any user. You will have find a post or page that uses the plugin's shortcode...