Lucene search
+L

265 matches found

Metasploit
Metasploit
added 2021/01/12 5:42 p.m.75 views

WordPress AIT CSV Import Export Unauthenticated Remote Code Execution

The AIT CSV Import/Export plugin use exploit/multi/http/wpaitcsvrce msf exploitwpaitcsvrce show targets ...targets... msf exploitwpaitcsvrce set TARGET msf exploitwpaitcsvrce show options ...show and set options... msf exploitwpaitcsvrce exploit This module requires Metasploit:...

9.8CVSS7.8AI score0.04655EPSS
Exploits2
0day.today
0day.today
added 2021/01/12 12:0 a.m.51 views

WordPress AIT CSV Import/Export 3.0.3 Shell Upload Exploit

WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however t...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/12 12:0 a.m.252 views

WordPress AIT CSV Import/Export 3.0.3 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress AIT CSV Import Export Unauthenticated Remote Code Execution', 'Description' = %q The AIT CSV Import/Export plugin MSFLICENSE, 'Author' ...

0.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/11/13 12:0 a.m.10 views

[0day] AIT CSV Import / Export <= 3.0.3 - Unauthenticated Arbitrary File Upload

The WPScan research team discovered an active exploitation attempt against a 0day vulnerability within the premium AIT CSV Import / Export WordPress plugin within our honeypot logs. The honeypot log showed a GET request to the following file:...

0.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/11/13 12:0 a.m.22 views

WordPress AIT CSV Import / Export plugin <= 3.0.3 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability found by Ryan WPScan in WordPress AIT CSV Import / Export plugin versions = 3.0.3. Solution 2020-11-13 - we were unable to find a patched version of this plugin...

3.3AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/06/19 9:15 p.m.27 views

CVE-2019-20891

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...

8.8CVSS6AI score
Exploits0References2
CVE
CVE
added 2020/06/19 8:35 p.m.69 views

CVE-2019-20891

CVE-2019-20891 affects WooCommerce prior to version 3.6.5. The issue is a cross-site request forgery (CSRF) in the CSV product-import workflow that can lead to stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. Impact is described as CSRF ...

8.8CVSS8.2AI score0.00534EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/06/03 9:58 p.m.21 views

GHSA-GG6X-XX78-448C Reflected XSS when importing CSV in OctoberCMS

Impact A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Patches Issue has been patched in Build 4...

4CVSS4.7AI score0.00909EPSS
Exploits3References5
Github Security Blog
Github Security Blog
added 2020/06/03 9:58 p.m.61 views

Reflected XSS when importing CSV in OctoberCMS

Impact A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Patches Issue has been patched in Build 4...

4.8CVSS0.2AI score0.00909EPSS
Exploits3References6Affected Software1
Kitploit
Kitploit
added 2020/05/22 7:37 p.m.113 views

Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform

This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...

6.9AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/04/28 12:0 a.m.23 views

WordPress Import Export WordPress Users Plugin < 1.3.9 Arbitrary User Creation Vulnerability

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

8.8CVSS8.9AI score0.01727EPSS
Exploits2References2
OSV
OSV
added 2020/04/23 2:15 a.m.3 views

CVE-2020-12074

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...

8.8CVSS7.3AI score0.01727EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2020/03/23 12:0 a.m.199 views

Horde 5.2.22 CSV Import Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Horde CSV import arbitrary PHP code execution', 'Description' = %q The HordeData module version 2.1.4 and before present in Horde Groupware versi...

7.5CVSS0.1AI score0.71728EPSS
Exploits5
Metasploit
Metasploit
added 2020/03/14 3:7 p.m.49 views

Horde CSV import arbitrary PHP code execution

The HordeData module version 2.1.4 and before present in Horde Groupware version 5.2.22 allows authenticated users to inject arbitrary PHP code thus achieving RCE on the server hosting the web application. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS7.4AI score0.71728EPSS
Exploits5
WPVulnDB
WPVulnDB
added 2020/03/11 12:0 a.m.22 views

Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation

"The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users" providing subscriber-level users and above with the ability to escalate their privileges. PoC POST /wp-admin/admin-ajax.php?importpage=wordpresshfusercsv=3...

6.5CVSS0.5AI score0.01727EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2020/01/21 5:15 p.m.4 views

CVE-2019-19392

The forDNN.UsersExportImport module before 1.2.0 for DNN formerly DotNetNuke allows an unprivileged user to import create new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data...

9.8CVSS7.3AI score0.0139EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2020/01/01 12:0 a.m.11 views

Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export

The exportuserscsv function, registered as an authenticated AJAX call and allowing to export users, was missing the authorisation/capability check. CSRF check was in place, reducing the severity of the issue. Only version 1.15 seems to be affected as the export functionality is a new feature...

4.2AI score
Exploits0References1Affected Software1
Fedora
Fedora
added 2019/10/02 1:41 a.m.35 views

[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.1-1.fc29

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

6.5CVSS1.3AI score0.10182EPSS
Exploits5
Prion
Prion
added 2019/08/08 8:15 p.m.14 views

Cross site request forgery (csrf)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...

4.9CVSS5.8AI score0.00679EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2018/05/31 12:0 a.m.31 views

CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection

Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kagan Capar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Tested on: Kali Linux...

0.2AI score
Exploits0
Rows per page
Query Builder