7 matches found
CVE-2021-24786
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...
WordPress Download Monitor WordPress 4.4.4 SQL Injection
Exploit Title: Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection Authenticated Date 28.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.download-monitor.com/ Software Link: https://downloads.wordpress.org/plugin/download-monitor.4.4.4.zip Version: 4.4.5...
Wordpress Download Monitor Plugin WordPress V 4.4.4 - SQL Injection (Authenticated) Exploit
Exploit Title: Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.download-monitor.com/ Software Link: https://downloads.wordpress.org/plugin/download-monitor.4.4.4.zip Version: 4.4.5 Tested on: Ubun...
Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated)
Exploit Title: Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection Authenticated Date 28.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.download-monitor.com/ Software Link: https://downloads.wordpress.org/plugin/download-monitor.4.4.4.zip Version: 4.4.5...
CVE-2021-24786
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...
CVE-2021-24786
The CVE-2021-24786 advisory concerns the WordPress plugin Download Monitor (versions before 4.4.5). It describes an SQL injection vulnerability in the orderby parameter used in logs queries due to insufficient validation/escaping, enabling authenticated administrators to append arbitrary SQL and ...
CVE-2021-24786 Download Monitor < 4.4.5 - Admin+ SQL Injection
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...