218 matches found
Privilege Escalation
WordPress is vulnerable to privilege escalation attacks. The attacks are possible by changing the userID parameter in wp-admin/includes/post.php, allowing any authenticated user to create a post as if written by another user...
Upworthy Clone Script 1.1.0 - id SQL Injection
Upworthy Clone Script 1.1.0 - id SQL Injection Exploit Title: Flippy BuzzWorthy – Upworthy Clone Script v1.1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy: https://www.flippyscripts.com/flippy-buzzworthy-upworthy-clone-script/ Dem...
Upworthy Clone Script 1.1.0 - 'id' SQL Injection
Exploit Title: Flippy BuzzWorthy – Upworthy Clone Script v1.1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy: https://www.flippyscripts.com/flippy-buzzworthy-upworthy-clone-script/ Demo: http://buzzworthy.flippydemos.com/ Version:...
Funny Image and Video Script 2.0.0 - 'id' SQL Injection
Exploit Title: Flippy ChillOut – Funny Image and Video Script v2.0.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy: https://www.flippyscripts.com/flippy-chillout-funny-image-and-video-script/ Demo: http://chillout.flippydemos.com/...
VbmCMS post.php catid parameter SQL injection vulnerability
No description provided by source...
VBcms /post.php SQL injection
No description provided by source...
CVE-2015-3273
mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization...
CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash...
WordPress 4.2.3 and earlier SQL Injection Vulnerability
Exploit for php platform in category web applications A potential SQL injection that could be used to compromise a site FIX: trunk/src/wp-includes/post.php foreach $groupbystatus as $status = $comments // Sanity check. This shouldn't happen. - if 'post-trashed' == $status + if 'post-trashed' ==...
DEBIAN-CVE-2015-5623
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
CVE-2015-4064
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
SQL injection
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
WordPress Car Demon Plugin <= 1.0.1 - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in multiple parameters of /wp-admin/post.php and /wp-admin/edit.php. Solution: Update the plugin...
CVE-2015-1494
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and...
SQL injection
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter...
Qibo Menhu /2shou/post.php SQL injection vulnerability
No description provided by source...
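qibocms local portal system injection (multiple similar instances, tested on the demo)
Brief description: Initialization, oh, initialization. Detailed description: There are many similar spots; just pick one of them. First, register a member account. In dianping/post.php: if$action=="postnew" if$webdbForbidPostMore if$db-getone"SELECT FROM $precontent WHERE uid='$lfjuid' LIMIT 1" showerr"系统设置每人只能发布一个商铺!"; if!checkrandnum$POST"$webdbrandnuminputname" showerr"系统随机码失效,请返回,刷新一下页面,再重新输入数据,重新提交!";...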
QiboCMS v7 /member/post.php SQL injection vulnerability
No description provided by source...
NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection
The nospampti WordPress plugin was affected by a wp-comments-post.php comment_post_ID parameter SQL injection security vulnerability...