8 matches found
Wordpress Secure Copy Content Protection And Content Locking Sccp_id Unauthenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Secure Copy Content Protection and Content Locking sccpid Unauthenticated SQLi', 'Description' = %q Secure Copy Content Protection and...
Metasploit Weekly Wrap-Up
This week’s Metasploit Framework release brings us seven new modules. IP Camera Exploitation Rapid7’s Jacob Baines was busy this week with two exploit modules that target IP cameras. The first module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an...
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
Secure Copy Content Protection and Content Locking, a WordPress plugin, prior to 2.8.2 is affected by an unauthenticated SQL injection via the sccpid parameter. Remote attackers can exploit this vulnerability to dump usernames and password hashes from thewpusers table of the affected WordPress...
WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection (Unauthenticated)
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
CVE-2021-24931
creationtimestamp| type| source ---|---|--- 2021-12-06 18:20:47+00:00| seen| https://t.me/cibsecurity/33377 2022-02-24 22:14:11+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpsecurecopycontentprotectionsqli.rb 2023-04-27 09:58:59+00:00|...
CVE-2021-24931 Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...
CVE-2021-24931
The WordPress plugin Secure Copy Content Protection and Content Locking (versions before 2.8.2) is affected by an SQL injection due to unsafely using the sccp_id parameter of the ays_sccp_results_export_file AJAX action. The vulnerability is exploitable by unauthenticated users and can lead to un...