3 matches found
WordPress Event Registration 6.02.02 XSS / SQL Injection
Exploit Title: WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS Discovery Date: 2016/03/13 Public Disclosure Date: 2016/05/09 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x | https://codemetrix.net Vendor Homepage: http://wpeventregister.com/...
WordPress Event Registration Plugin <= 5.44 - SQL Injection
Event Registration plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress Event Registration 5.4.3 SQL Injection
Exploit Title: WordPress Event Registration plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $id= $REQUEST'id'; ... $sql = "SELECT FROM " . $eventsdetailtbl . " WHERE id='$id'"; $result = mysqlquery$sql;...