6 matches found
WordPress Loginizer log SQLi Scanner
Loginizer wordpress plugin contains an unauthenticated timebased SQL injection in versions before 1.6.4. The vulnerable parameter is in the log parameter. Wordpress has forced updates of the plugin to all servers Module Options msf use auxiliary/scanner/http/wploginizerlogsqli msf...
WordPress Loginizer Plugin SQL injection (CVE-2020-27615)
An SQL injection vulnerability exists in WordPress Loginizer Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
CVE-2020-27615
creationtimestamp| type| source ---|---|--- 2020-10-22 00:51:26+00:00| seen| https://t.me/cibsecurity/15509 2020-11-05 14:43:56+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wploginizerlogsqli.rb 2025-02-06 03:13:44+00:00| seen|...
WordPress Loginizer plugin < 1.6.4 blind SQLi (CVE-2020-27615)
The Loginizer Plugin for WordPress running on the remote web server is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting ...
CVE-2020-27615
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...
CVE-2020-27615
The CVE-2020-27615 entry concerns the WordPress Loginizer plugin prior to 1.6.4. Affected component: loginizer_log or related backend SQL paths in the plugin. Root cause: unauthenticated SQL injection due to improper input handling (noted as via the log parameter, loginizer_login_failed, and lz_v...