7 matches found
CVE-2022-3142
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
WordPress NEX-Forms plugin < 7.9.7 - Authenticated SQL injection Vulnerability
Exploit Title: NEX-Forms WordPress plugin =3D 5.0.12 AND time-based blind query SLEEP Payload: page=3Dnex-forms-dashboard&formid=3D1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...
WordPress NEX-Forms SQL Injection
Exploit Title: NEX-Forms WordPress plugin =3D 5.0.12 AND time-based blind query SLEEP Payload: page=3Dnex-forms-dashboard&formid=3D1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
Exploit Title: NEX-Forms WordPress plugin =5.0.12 AND time-based blind query SLEEP Payload: page=nex-forms-dashboard&formid=1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...
CVE-2022-3142
creationtimestamp| type| source ---|---|--- 2022-09-19 18:38:07+00:00| seen| https://t.me/cibsecurity/50038 2023-03-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51042...
CVE-2022-3142 NEX-Forms < 7.9.7 - Authenticated SQLi
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
CVE-2022-3142
Affected software: NEX-Forms WordPress plugin, versions before 7.9.7. Vulnerability: SQL injection due to improper sanitisation/escaping of user input used in SQL statements. Exploitation requires permissions to view the forms statistics chart (by default administrators), with potential to be con...