
737 matches found

wpexploit
added 2021/06/29 12:0 a.m. | 701 views

Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections

The getfblikeboxes function in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQ...

CVSS 6.5 | AI score 0.6 | EPSS 0.00532
Exploits: 2
WPVulnDB
added 2021/06/29 12:0 a.m. | 14 views

Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections

The getreports function in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. PoC SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQ...

CVSS 6.5 | EPSS 0.00567
Exploits: 2 | Affected Software: 1
wpexploit
added 2021/06/29 12:0 a.m. | 792 views

Popup box < 2.3.4 - Authenticated Blind SQL Injections

The getayspopupboxes and getpopupcategories functions of the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. Exploit: All of them with same technique. SQLMAP:...

CVSS 6.5 | AI score 0.5 | EPSS 0.00532
Exploits: 2
wpexploit
added 2021/06/29 12:0 a.m. | 684 views

Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections

The getgallerycategories and getgalleries functions in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. SQLMAP: python sqlmap.py -r r.txt -p orderby --leve...

CVSS 6.5 | AI score 0.5 | EPSS 0.00532
Exploits: 2
WPVulnDB
added 2021/06/29 12:0 a.m. | 22 views

Popup box < 2.3.4 - Authenticated Blind SQL Injections

The getayspopupboxes and getpopupcategories functions of the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. PoC Exploit: All of them with same technique...

CVSS 6.5 | EPSS 0.00532
Exploits: 2 | Affected Software: 1
wpexploit
added 2021/06/29 12:0 a.m. | 695 views

Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections

The plugin did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard. When we (WPScanTeam) confirmed the issues, more SQL Injections were identified, reported and fixed by the vendor but have not...

CVSS 6.5 | AI score 0.7 | EPSS 0.00628
Exploits: 1
WPVulnDB
added 2021/06/29 12:0 a.m. | 19 views

Poll Maker < 3.2.1 - Authenticated Blind SQL Injections

The getpollcategories, getpolls and getreports functions in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. PoC SQLMAP: python sqlmap.py -r r.txt -p order...

CVSS 6.5 | AI score 0.1 | EPSS 0.00567
Exploits: 2 | Affected Software: 1
wpexploit
added 2021/06/29 12:0 a.m. | 159 views

FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The getfaqs function in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

CVSS 6.5 | AI score 0.6 | EPSS 0.00532
Exploits: 2
WPVulnDB
added 2021/06/29 12:0 a.m. | 19 views

Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections

The plugin did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard. When we (WPScanTeam) confirmed the issues, more SQL Injections were identified, reported and fixed by the vendor but have not...

CVSS 6.5 | EPSS 0.00628
Exploits: 1 | Affected Software: 1
wpexploit
added 2021/06/29 12:0 a.m. | 703 views

Poll Maker < 3.2.1 - Authenticated Blind SQL Injections

The getpollcategories, getpolls and getreports functions in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. SQLMAP: python sqlmap.py -r r.txt -p orderby...

CVSS 6.5 | AI score 0.7 | EPSS 0.00567
Exploits: 2
wpexploit
added 2021/06/29 12:0 a.m. | 663 views

Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections

The getreports function in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

CVSS 6.5 | AI score 0.3 | EPSS 0.00567
Exploits: 2
wpexploit
added 2021/06/29 12:0 a.m. | 746 views

Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections

The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to...

CVSS 6.5 | AI score 0.3 | EPSS 0.00532
Exploits: 2
WPVulnDB
added 2021/06/29 12:0 a.m. | 16 views

Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection

The getsliders function in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. PoC SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQ...

CVSS 6.5 | AI score 0.1 | EPSS 0.00532
Exploits: 2 | Affected Software: 1
wpexploit
added 2021/06/29 12:0 a.m. | 722 views

Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The getresults and getitems functions in the plugin did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. Note (WPScanTeam): Other SQLi were identified when confirming the...

CVSS 6.5 | AI score 0.5 | EPSS 0.00532
Exploits: 2
0day.today
added 2021/06/23 12:0 a.m. | 67 views

WordPress Poll, Survey, Questionnaire and Voting system 1.5.2 - (date_answers) Blind SQL Injection

Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage: https://wpdevart.com/wordpress-polls-plugin Softwar...

AI score 0.4
Exploits: 0
Exploit DB
added 2021/06/23 12:0 a.m. | 542 views

WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection

Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage:...

AI score 7.4
Exploits: 0
0day.today
added 2021/06/14 12:0 a.m. | 18 views

Stock Management System 1.0 - (user_id) Blind SQL injection Vulnerability

Exploit Title: Stock Management System 1.0 - 'user_id' Blind SQL injection Authenticated Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/stock.zip Version: 1.0...

AI score 0.3
Exploits: 0
Exploit DB
added 2021/06/11 12:0 a.m. | 194 views

Zenario CMS 8.8.52729 - 'cID' SQL injection (Authenticated)

Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection Authenticated Date: 05–02–2021 Exploit Author: Avinash R Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.52729 Tested on: Windows 10 Pro No OS...

CVSS 4.8 | AI score 7.4 | EPSS 0.00222
Exploits: 4
Packet Storm
added 2021/06/11 12:0 a.m. | 202 views

Zenario CMS 8.8.52729 SQL Injection

Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection Authenticated Date: 05–02–2021 Exploit Author: Avinash R Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.52729 Tested on: Windows 10 Pro No OS...

CVSS 3.5 | AI score 0.4 | EPSS 0.00222
Exploits: 4
Hacker One
added 2021/05/30 11:2 p.m. | 11 views

Sony: SQL Injection on [█████████]

The researcher reported that the login form of a Sony endpoint was susceptible to an error-based SQL injection vulnerability. The researcher intercepted a login request using BurpSuite and then used SQLMap to discover the SQL injection. Once the SQL injection vulnerability was discovered, SQLMap...

AI score 1.3
Exploits: 0