WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link:...

JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection

Type user access: single user. $POST‘tableId’ is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $POST'tableId'; ... $retrievedata = $wpdb-getresults "SELECT FROM $jtrttablesname WHERE jttableIDD = "...

JTRT Responsive Tables <= 4.1 – Authenticated SQL Injection

Type user access: single user. $POST‘tableId’ is not escaped. File / Code: Path: /wp-content/plugins/jtrt-responsive-tables/admin/class-jtrt-responsive-tables-admin.php Line : 183 $getTableId = $POST'tableId'; ... $retrievedata = $wpdb-getresults "SELECT FROM $jtrttablesname WHERE jttableIDD = "...

WordPress JTRT Responsive Tables 4.1 SQL Injection

Exploit Title: JTRT Responsive Tables 4.1 a WordPress Plugin a Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link: https://wordpress.org/plugins/jtrt-responsive-tables/ Contact: http://twitter.com/lenonleite Website:...

WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection

Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link: https://wordpress.org/plugins/jtrt-responsive-tables/ Contact: http://twitter.com/lenonleite Website:...

Responsive Newspaper Magazine&Blog CMS SQL Injection Vulnerability

Responsive Newspaper Magazine&Blog CMS is a content management system mainly used for information websites. A SQL injection vulnerability exists in Responsive Newspaper Magazine&Blog CMS version 1.0. A remote attacker can inject SQL commands by sending the 'id' parameter to the...

CVE-2017-15981

CVE-2017-15981 affects the Text/Content CMS “Responsive Newspaper Magazine & Blog CMS 1.0.” The vulnerability is SQL Injection via the id parameter on admin/admin_process.php during form editing. It is confirmed in multiple sources (NVD entry; related advisories and exploit references) and is exp...

ZKTime Web Software 2.0 - Cross-Site Request Forgery Vulnerability

Exploit for windows platform in category web applications Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280...

CVE-2017-14125

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an addedittheme task in the wpdevartgallerythemes page to wp-admin/admin.php...

WordPress Responsive Image Gallery Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL server set up a personal blog site.Responsive Image Gallery plugin is one of the image management plugin. A SQL injection vulnerability exists in WordPre...

WordPress Responsive Image Gallery 1.1.8 SQL Injection Vulnerability

WordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability. ============================================= - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2017-14125 ===========================================...

WordPress rk-responsive-contact-form SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers. rk-responsive-contact-form is one of the responsive contact form plugin. A SQL injection vulnerability exists in...

CVE-2017-1002027

Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rkuserlist.php...

CVE-2017-1002027

CVE-2017-1002027 affects the WordPress plugin rk-responsive-contact-form v1.0. The root cause is SQL injection in rk_user_list.php where the parameter $delid is not sanitized before inclusion in a query. Public references describe this as an Authenticated Blind SQL Injection (WPVulndb) and the NV...

Joomla Responsive Portfolio 1.6.1 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Demo:...

Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection

Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Demo:...

Joomla! Component Responsive Portfolio 1.6.1 - SQL Injection

Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection Dork: N/A Date: 25.08.2017 Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Demo: https://demo.extro.media/responsive-joomla-extensions-en/video-...

CVE-2017-12977

CVE-2017-12977 affects the Web-Dorado Photo Gallery by WD – Responsive Photo Gallery WordPress plugin prior to 1.3.51. The vulnerability is a SQL injection in bwg_edit_tag() (photo-gallery.php) and edit_tag() (admin/controllers/BWGControllerTags_bwg.php) that is exploitable by administrators via ...

WordPress Photo Gallery by WD - Responsive Photo Gallery SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Photo Gallery by WD - Responsive Photo Gallery is one of the image management plugin. A SQL injection vulnerabilit...

CVE-2017-7783

If a long user name is used in a username/password combination in a site URL such as " http://UserName:[email protected]", the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox 55...