34 matches found
Exploit for SQL Injection in Getperfectsurvey Perfect_Survey
exploitcve-2021-24762 This repo shows an exploit to CVE-2021-...
EUVD-2021-11677
Malware in sbrugna...
CVE-2021-24762
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...
CVE-2021-24764
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...
CVE-2021-24765
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue...
VulnCheck KEV: CVE-2021-24762
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...
WordPress Perfect Survey Plugin - 1.5.1 - SQL injection (Unauthenticated) Exploit
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link: https://web.archive.org/web/20210817031040/https://downloads.wordpress.org/plugin/perfect-survey.1.5.1.zip Version:...
WordPress Perfect Survey 1.5.1 SQL Injection
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Date 18.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link:...
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Date 18.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link:...
WordPress Perfect Survey plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress Perfect Survey plugin in version 1.5.2 and prior versions suffers from a cross-site scripting vulnerability that stems from not validating and escaping the X-Forwarded-For header value,...
WordPress Perfect Survey plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The WordPress Perfect Survey plugin has a SQL injection vulnerability in versions prior to 1.5.2, which stems from the lack of validation of externally entered SQL statements in database-based...
WordPress Perfect Survey plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Perfect Survey plugin in versions prior to 1.5.2 has a cross-site request forgery vulnerability, which stems from the absence of CSRF in the saveglobalsetting AJAX action check, an...
CVE-2021-24765
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue...
CVE-2021-24762
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...
CVE-2021-24762
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...
CVE-2021-24765
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue...
CVE-2021-24764
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters id and filterssessionid of singlestatistics page, type and message of importexport page before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripti...
SQL injection
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...
Cross-site scripting
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue...
CVE-2021-24765
The CVE-2021-24765 issue affects the WordPress Perfect Survey plugin up to version 1.5.2. The root cause is failure to validate/escape the X-Forwarded-For header when Anonymize IP is off, allowing Stored Cross-Site Scripting on the statistic page. Affected component: the plugin’s statistic page r...