CVEs-PoC/2017/CVE-2017-16510.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-04-21 09:56:14 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2017-16510

Description

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.

POC

Reference

https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

Github

https://github.com/20142995/nuclei-templates
https://github.com/ARPSyndicate/cvemon
https://github.com/Afetter618/WordPress-PenTest
https://github.com/CeCe2018/Codepath
https://github.com/CeCe2018/Codepath-Week-7-Alternative-Assignment-Essay
https://github.com/Tanvi20/Week-7-Alternative-Assignment-wp-cve
https://github.com/harrystaley/CSCI4349_Week9_Honeypot
https://github.com/harrystaley/TAMUSA_CSCI4349_Week9_Honeypot

1.2 KiB Raw Permalink Blame History

CVE-2017-16510

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History