WordPress Symposium Plugin SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Symposium Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in the WP Symposium plugin befor...

CVE-2015-9414

The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/getalbumitem.php?size parameter...

CVE-2015-9414

The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/getalbumitem.php?size parameter...

WordPress WP Symposium插件SQL注入漏洞

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。WP Symposium是其中的一个社交网络插件。WordPress WP Symposium插件 15.8之前版本中 存在 SQL注入漏洞 .该漏洞源于getalbumitem.php脚本没有充分过滤‘size’参数。远程攻击者可利用该漏洞执行任意SQL命令。CNNVD编号： CNNVD-201508-432CVE编号： CVE-2015-6522...

WordPress WP Symposium Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.WP Symposium is one of the social networking plug-ins. A SQL injection vulnerability exists in WordPress WP Symposium plugin...

CVE-2015-6522

SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to getalbumitem.php...

Sql injection

SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to getalbumitem.php...

WP Symposium <= 15.5.1 - Unauthenticated SQL Injection

Wordpress plugin wp-symposium version 15.5.1 and probably all existing previous versions suffers from an unauthenticated SQL Injection in getalbumitem.php, parameter 'size'. The issue is exploitable even if the plugin is deactivated. PoC PoC URL :...