44 matches found
EZ SQL Reports <= 4.11.33 - Authenticated Arbitrary File Download
The plugin allows a WordPress site administrator or collaborator to download arbitrary files from the host file system through the plugin functionality of downloading .sql, .sql.zip or .sql.gz files created by the WordPress administrator. The file name to download is not sanitized and path travers...
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
Exploit Title: EZ SQL Reports Proxy-Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Referer: http:///wp-admin/admin.php?page=ELISQLREPORTS-settings Accept-Encoding: gzip, deflate, sdch Accept-Language...
SQL injection
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information...
CVE-2010-0753
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information...