Explore Vulnerabilities

Explore all Exploits:

UserPro <= 4.9.32 Reflected XSS

The WordPress plug-in 'UserPro' uses an Instagram library (Instagram PHP API V2 by cosenary) that is vulnerable to Reflected Cross-Site Scripting (XSS). There is more vulnerable code in 'UserPro' core, might release that later. As of today (25 August 2019) this issue is unfixed.

Vulnerable code (success.php on line 36):

    if (isset($_GET['error'])) { echo 'An error occurred: ' . $_GET['error_description']; }

Source: https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.php#L36

Proof-of-Concept: https://domain.tld/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&error_description=<PAYLOAD>

WordPress Plugin Import Export WordPress Users <= 1.3.1 - CSV Injection

WordPress Plugin Import Export WordPress Users versions 1.3.1 and earlier are affected by Remote Code Execution through a CSV injection vulnerability. This allows any application user to inject commands as part of the fields of their profile, and these commands are executed when a user with greater privilege exports the data as CSV and opens that file on their machine. The function do_export() of the WF_CustomerImpExpCsv_Exporter class does not check whether fields begin with the characters (=, +, -, @), so the fields name, surname, alias and display_name are vulnerable to CSV Injection.

LSoft ListServ < 16.5 - Cross-Site Scripting (XSS)

The term Listserv has been used to refer to electronic mailing list software applications in general, but is more properly applied to a few early instances of such software, which allows a sender to send one email to the list, and then transparently sends it on to the addresses of the subscribers to the list. The vulnerability exists in the wa.exe script, which allows an attacker to inject malicious payloads into the OK parameter. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Nimble Streamer 3.0.2-2 to 3.5.4-9 – Path Traversal

Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.

File disclosure in Pulse Secure SSL VPN (metasploit)

Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests. This exploit reads /etc/passwd as a proof of concept. This vulnerability affects 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4.

CSRF vulnerabilities in WP Add Mime Types Plugin <= 2.2.1

The WordPress plugin WP Add Mime Types 2.2.1 is vulnerable to CWE-352 (Cross-Site Request Forgery). A malicious link can be shared with the plugin user which, once clicked, will automatically update the mime type. A POC is shared to allow exe files (application/x-msdownload) to be uploaded.

YouPHPTube < 7.3 SQL Injection

The parameters 'User' as well as 'pass' of the user registration function are vulnerable to SQL injection vulnerabilities. By submitting an HTTP POST request to the URL '/objects/userCreate.json.php' an attacker can access the database and read the hashed credentials of an administrator for example. Methods for DB-Extraction are: Boolean-based blind, Error-based, AND/OR time-based blind.

CVE-2019-15107 Webmin Unauthenticated Remote Command Execution

This vulnerability allows an unauthenticated attacker to execute arbitrary commands on the vulnerable system. It is based on a Metasploit module and was discovered by Fernando A. Lagos B. (Zerial). The exploit sends a flag with an echo command and then greps for it. If it matches, the target is vulnerable.

Neo Billing 3.5 – Stored Cross Site Scripting Vulnerability

Neo Billing is an accounting, invoicing and CRM PHP script, with over 500 installations. Due to improper filtering of input field data, version 3.5 (and possibly previous versions) is affected by a stored XSS vulnerability. An attacker can inject malicious code into the 'Subject' or 'Description' text fields, and the code is stored.

Fortinet FortiOS Leak file – Reading login/passwords in clear text.

This vulnerability allows an attacker to bypass authentication and read login/passwords in clear text. It affects FortiOS versions 5.6.3 to 5.6.7 and FortiOS 6.0.0 to 6.0.4. An attacker can use a specially crafted URL to leak information from the FortiOS device.

Recent Exploits: