4 matches found
CVE-2021-25094
The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
LibrettoCMS 2.2.2 - Arbitrary File Upload
No description provided by source. Exploit Title : LibrettoCMS 2.2.2 Malicious File Upload Date : 14 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://libretto.artwebonline.com/ Software Link :...
WSN Links SQL Injection Vulnerability
No description provided by source. 'WSN Links' SQL Injection Vulnerability CVE-2010-4006 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assemblin...
WSN Links SQL Injection Vulnerability
Exploit for php platform in category web applications ===================================== WSN Links SQL Injection Vulnerability ===================================== I. DESCRIPTION --------------------------------------- A vulnerability exists in the search.php code that allows for SQL injectio...