5078 matches found
Chadha PHPKB CSV Injection Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A CSV injection vulnerability exists in admin/include/operations.php in Chadha PHPKB Standard Multi-Language 9. An attacker can...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17217)
Chadha PHPKB is a knowledge base software that keeps information organized, accessible and manageable for internal teams and external clients. A reflected cross-site scripting vulnerability exists in admin/import-csv.php in Chadha PHPKB Standard Multilingual Version 9. The vulnerability stems fro...
CVE-2020-10460
admin/include/operations.php via admin/email-harvester.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data...
Input validation
admin/include/operations.php via admin/email-harvester.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data...
CVE-2020-10412
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/import-csv.php by adding a question mark ? followed by the payload...
PT-2020-12082 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/import-csv.php. This can be achieved by adding a question mark ? followed by the...
WordPress Appointment Booking Calendar <= 1.3.34 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Daniel Monzon in WordPress Appointment Booking Calendar plugin versions <= 1.3.34. Solution: Update the WordPress Appointment Booking Calendar to the latest available version (at least 1.3.35)...
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link:...
Wordpress Appointment Booking Calendar 1.3.34 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link:...
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link: https://downloads.wordpress.org/plugin/appointment-booking-calendar.zip Version:...
WordPress Appointment Booking Calendar 1.3.34 CSV Injection
Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link: https://downloads.wordpress.org/plugin/appointment-booking-calendar.zip Version:...
Import Export WordPress Users < 1.3.9 - Authenticated Arbitrary User Creation
"The flaw allowed anybody with subscriber-level access or above to import new users via a CSV file, including administrative-level users" providing subscriber-level users and above with the ability to escalate their privileges. PoC POST /wp-admin/admin-ajax.php?importpage=wordpresshfusercsv=3...
Search Meter < 2.13.3 - CSV Injection
A CSV Injection vulnerability was discovered in the Search Meter WordPress plugin. Version 2.13.2 and possibly earlier versions of the plugin were found to be affected. According to the reporter, the issue was reported to the plugin's author but they did not respond...
WordPress Search Meter 2.13.2 CSV Injection
Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version: 2.13.2 Tested on:...
Wordpress Plugin Search Meter 2.13.2 - CSV injection
Wordpress Plugin Search Meter 2.13.2 - CSV injection Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link:...
Joomla! 3.9.0 < 3.9.7 - CSV Injection
!/usr/bin/python3 Exploit Title: Joomla 3.9.0 ' printf'Example: sys.argv0 http://127.0.0.1 ' sys.exit1 baseurl = sys.argv1 regurl = f"baseurl/joomla/index.php/component/users/?view=registration&Itemid=101" loginurl = f"baseurl/joomla/index.php?option=comusers" def pwnusername='abdullah': payload ...
WordPress Plugin Search Meter 2.13.2 - CSV injection
Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Google Dork: N/A Date: 2020-03-10 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version: 2.13.2 Tested on:...
Wordpress Search Meter 2.13.2 Plugin - CSV injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Search Meter 2.13.2 - CSV Injection Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://thunderguy.com/semicolon/ Software Link: https://downloads.wordpress.org/plugin/search-meter.2.13.2.zip Version...