60 matches found
SQL Injection in easy2map-photos wordpress plugin v1.09
Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact:...
WordPress Easy2Map plugin directory traversal vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. Easy2Map is one of its plug-ins, supporting the creation of customized Google maps. A directory traversal...
WordPress Easy2Map plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. Easy2Map is one of its plug-ins, supporting the creation of customized Google maps. WordPress Easy2Map plugin...
WordPress Easy2Map Plugin 1.24 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact...
CVE-2015-4616
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter...
CVE-2015-4614
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors...
CVE-2015-4616
CVE-2015-4616 describes a directory traversal flaw in the WordPress Easy2Map plugin, affecting versions prior to 1.2.5. The vulnerability occurs in includes/MapPinImageSave.php where an attacker can craft the map_id parameter with a ‘..’ sequence to create arbitrary files on the server. This is r...
CVE-2015-4614
The CVE corresponds to WordPress Easy2Map plugin vulnerabilities: multiple SQL injections in includes/Function.php prior to 1.2.5, exploitable via the mapName parameter in the e2m_img_save_map_name action to wp-admin/admin-ajax.php (and related vectors). Exploitation details shown in public advis...
WordPress Easy2Map Plugin 1.24 - SQL Injection
This WordPress Easy2Map plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Plugin Easy2Map 1.24 - SQL Injection
WordPress Plugin Easy2Map 1.24 - SQL Injection Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact:...
WordPress Easy2Map-Photos 1.09 SQL Injection
Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact:...
WordPress Plugin Easy2Map 1.24 - SQL Injection
Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory...
WordPress easy2map 1.24 SQL Injection
Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory...
Easy2Map Photos <= 1.0.9 - SQL Injection
The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input. sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11&mapName='+or+1%3D%3D1%3B&action=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...
Easy2Map <= 1.24 - SQL Injection
The Function.php file uses sprintf to format queries being sent to the database; this doesn't provide proper sanitisation of user input or properly parameterise the query. PoC $ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname"...
Easy2Map <= 1.24 - SQL Injection
The Function.php file uses sprintf to format queries being sent to the database; this doesn't provide proper sanitisation of user input or properly parameterise the query. $ sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php'...
Easy2Map Photos <= 1.0.9 - SQL Injection
The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input. PoC sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...
Wordpress Plugin Easy2map Authenticated User Shell Upload/Path Disclosure
This script is able to make an authenticated arbitrary file upload vulnerability and Path Disclosure vulnerability in Easy2map Plugin in Wordpress. Usage Info: 1. Authenticated arbitrary file Upload vulnerability: While you are authenticated as administrator, browse your file and upload it; 2. Path...