4 matches found
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in MicroCopy WordPress plugin 1.1.0 and earlier versions, which stem...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in MicroCopy WordPress plugin 1.1.0 and earlier versions. The...
WordPress MicroCopy plugin <= 1.1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress MicroCopy plugin versions = 1.1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
MicroCopy <= 1.1.0 - Authenticated SQL Injection
The edit functionality in the plugin makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET...