10 matches found
WordPress Photoracer plugin <= 1.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Photoracer plugin <= 1.0 SQL Injection Vulnerability Google Dork: inurl:wp-content/plugins/photoracer/viewimg.php Date: 2011-08-26 Author: evilsocket evilsocket at gmail dot com Software Link: http://wordpress.org/extend/plugins/photorace...
WordPress Photoracer plugin <= 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Photoracer plugin prefix."photoracer where imgid=$imgid"; $out = $wpdb-getrow$q1; --- PoC --- http://www.site.com/wp-content/plugins/photoracer/viewimg.php?id=-1 UNION SELECT 0,1,2,3,4,VERSION,6,7,8 0day.today 2018-03-...
Cmsez(with easy)total Station system vulnerabilities, 0day analysis-vulnerability warning-the black bar safety net
Affected versions: Cmsez Web Content Manage System v2.0.0 Vulnerability description: File: comments.php viewimg.php Code: --------------- ? //comments include "mainfile.php"; $art=new article; //set $confirm='yes';//yes:need administrator authentication to the display,n is displayed directly in...
Cmsez(with easy)the whole Station system of 0day-vulnerability warning-the black bar safety net
Program name: Cmsez Web Content Manage System v2.0.0 File: comments.php viewimg.php Code: --------------- ? //comments include "mainfile.php"; $art=new article; //Set $confirm='yes';//yes:need administrator authentication to the display,n is displayed directly $member=new member;...
Sql injection
SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-2122
CVE-2009-2122 affects the WordPress Photoracer plugin 1.0, with a SQL injection in viewimg.php via the id parameter that allows remote execution of arbitrary SQL commands. Impact is partial confidentiality/integrity/availability per the CVSS. Public references show exploitation (e.g., Exploit-DB)...
WordPress Photoracer Plugin 1.0 - SQL Injection Vulnerability
SQL injection vulnerability found in viewimg.php line 16. It allows the attacker to execute arbitrary commands via the 'imgid' parameter against the database. Solution Update plugin...
Cmsez(with easy)the whole Station system of 0day-vulnerability warning-the black bar safety net
零客 Network Security Team www.0kee.com”or in a super-connected in the manner indicated ---------------------------------Ash is often not slutty cut the JJ line------------------------------- Program name: Cmsez Web Content Manage System v2.0.0 Vulnerability found: the little handsomehandsome Published time:...
Cmsez (随易) whole-site system 0day
Vulnerable files: comments.php viewimg.php ? //comments include "mainfile.php"; $art=new article; //Settings $confirm='yes';//yes: displayed only after administrator authentication, no: displayed directly $member=new member; $userinfo=$member-memberauth; $ulevel=$userinfouserlevel; Settings $action = $REQUESTaction; $page="10";// $needuser = "0";// $id = $REQUESTid;//...
CVE-2004-1543
CVE-2004-1543 describes a directory traversal vulnerability in KorWeblog (viewimg.php) that affects version 1.6.2-cvs and earlier. The root cause is accepting a path parameter containing a “..” sequence, enabling remote attackers to list arbitrary directories. The issue is publicly documented by ...