265 matches found
WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
The AIT CSV Import/Export plugin use exploit/multi/http/wpaitcsvrce msf exploitwpaitcsvrce show targets ...targets... msf exploitwpaitcsvrce set TARGET msf exploitwpaitcsvrce show options ...show and set options... msf exploitwpaitcsvrce exploit This module requires Metasploit:...
WordPress AIT CSV Import/Export 3.0.3 Shell Upload Exploit
WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however t...
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress AIT CSV Import Export Unauthenticated Remote Code Execution', 'Description' = %q The AIT CSV Import/Export plugin MSFLICENSE, 'Author' ...
[0day] AIT CSV Import / Export <= 3.0.3 - Unauthenticated Arbitrary File Upload
The WPScan research team discovered an active exploitation attempt against a 0day vulnerability within the premium AIT CSV Import / Export WordPress plugin within our honeypot logs. The honeypot log showed a GET request to the following file:...
WordPress AIT CSV Import / Export plugin <= 3.0.3 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability found by Ryan WPScan in WordPress AIT CSV Import / Export plugin versions = 3.0.3. Solution 2020-11-13 - we were unable to find a patched version of this plugin...
CVE-2019-20891
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...
CVE-2019-20891
CVE-2019-20891 affects WooCommerce prior to version 3.6.5. The issue is a cross-site request forgery (CSRF) in the CSV product-import workflow that can lead to stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. Impact is described as CSRF ...
GHSA-GG6X-XX78-448C Reflected XSS when importing CSV in OctoberCMS
Impact A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Patches Issue has been patched in Build 4...
Reflected XSS when importing CSV in OctoberCMS
Impact A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Patches Issue has been patched in Build 4...
Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform
This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...
WordPress Import Export WordPress Users Plugin < 1.3.9 Arbitrary User Creation Vulnerability
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2020-12074
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV...
Horde 5.2.22 CSV Import Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Horde CSV import arbitrary PHP code execution', 'Description' = %q The HordeData module version 2.1.4 and before present in Horde Groupware versi...
Horde CSV import arbitrary PHP code execution
The HordeData module version 2.1.4 and before present in Horde Groupware version 5.2.22 allows authenticated users to inject arbitrary PHP code thus achieving RCE on the server hosting the web application. This module requires Metasploit: https://metasploit.com/download Current source:...
Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation
"The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users" providing subscriber-level users and above with the ability to escalate their privileges. PoC POST /wp-admin/admin-ajax.php?importpage=wordpresshfusercsv=3...
CVE-2019-19392
The forDNN.UsersExportImport module before 1.2.0 for DNN formerly DotNetNuke allows an unprivileged user to import create new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data...
Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export
The exportuserscsv function, registered as an authenticated AJAX call and allowing to export users, was missing the authorisation/capability check. CSRF check was in place, reducing the severity of the issue. Only version 1.15 seems to be affected as the export functionality is a new feature...
[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.1-1.fc29
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
Cross site request forgery (csrf)
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acuideleteattachment CSRF...
CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection
Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kagan Capar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Tested on: Kali Linux...