CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
CVE-2023-5414
CVE-2023-5414 : Icegram Express (WordPress)
WordPress Plugin Icegram Express Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Icegram Express < 5.6.24 - Admin+ Directory Traversal
Description The plugin is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector...
PT-2023-32088 · WordPress · Icegram Express
Name of the Vulnerable Software and Affected Versions: Icegram Express plugin for WordPress versions up to, and including, 5.6.23 Description: The issue allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information, including...
CVE-2022-3981
The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...
SQL injection
The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...
CVE-2022-3981 Icegram Express < 5.5.1 - Subscriber+ SQLi
The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...
CVE-2022-3981
The CVE-2022-3981 entry concerns the Icegram Express WordPress plugin prior to version 5.5.1. Affected component: the plugin’s SQL statements, where improper sanitization/escaping of a parameter enables a SQL injection. Root cause: unsanitized input used in SQL queries; impact: high (CVE details ...
PT-2022-25007 · WordPress · Icegram Express
Name of the Vulnerable Software and Affected Versions: Icegram Express WordPress plugin versions prior to 5.5.1 Description: The issue arises from improper sanitization and escaping of a parameter used in a SQL statement, resulting in a SQL injection that can be exploited by any authenticated use...
WordPress plugin Icegram Express SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
Icegram Express < 5.5.1 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber. PoC: Open the below URL when logged in as a subscriber and notice the 5s delay...
Icegram Express < 5.5.1 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber. Open the below URL when logged in as a subscriber and notice the 5s delay...