16 matches found
EUVD-2014-9335
Malware in sbrugna...
EUVD-2014-9334
Malware in sbrugna...
EUVD-2014-9336
Malware in sbrugna...
CVE-2020-28642
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...
CVE-2014-9519
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter...
CVE-2014-9521
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the...
CVE-2014-9520
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter...
CVE-2014-9520
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter...
Unrestricted file upload
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the...
Sql injection
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter...
CVE-2014-9520
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter...
CVE-2014-9521
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the...
CVE-2014-9521
CVE-2014-9521 affects InfiniteWP Admin Panel (older than 2.4.4). The vulnerability is an unrestricted file upload in uploadScript.php when the allWPFiles parameter is set, enabling remote code execution by uploading a file with a double extension (e.g., .php.swp) and then invoking it via a direct...
CVE-2014-9520
CVE-2014-9520 affects InfiniteWP Admin Panel prior to 2.4.4, with a SQL injection in execute.php via the historyID parameter that could allow remote attackers to execute arbitrary SQL commands. This is the stated vulnerability in multiple sources; no exploit details are provided in the documents....
CVE-2014-9519
CVE-2014-9519 describes an SQL injection in the InfiniteWP Admin Panel, specifically in login.php, exploited through the email parameter to allow remote attackers to execute arbitrary SQL commands. Affected software is the InfiniteWP Admin Panel prior to version 2.4.3. The NVD entry assigns a bas...
CVE-2014-9519
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter...