10 matches found
CVE-2021-24946
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...
WordPress Modern Events Calendar SQL Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Modern Events Calendar SQLi Scanner', 'Description' = %q Modern Events Calendar plugin contains an unauthenticated timebased SQL...
Metasploit Weekly Wrap-Up
This week’s Metasploit Framework release brings us seven new modules. IP Camera Exploitation Rapid7’s Jacob Baines was busy this week with two exploit modules that target IP cameras. The first module exploits an authenticated file upload on Axis IP cameras. Due to lack of proper sanitization, an...
CVE-2021-24946
creationtimestamp| type| source ---|---|--- 2022-02-28 18:48:53+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpmoderneventscalendarsqli.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:35+00:00...
WordPress Modern Events Calendar V 6.1 Plugin - SQL Injection (Unauthenticated) Exploit
Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zip Version: = 6.1...
WordPress Modern Events Calendar 6.1 SQL Injection
Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Date 26.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zi...
WordPress Modern Events Calendar Lite Plugin < 6.1.5 Multiple Vulnerabilities
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24946
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...
CVE-2021-24946
The CVE-2021-24946 issue affects the WordPress plugin Modern Events Calendar Lite (before version 6.1.5). The vulnerability is a SQL injection in the mec_load_single_page AJAX action caused by improper sanitisation/escapING of the time parameter, exploitable by unauthenticated users. Descriptions...
CVE-2021-24946 Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...