CVEs-PoC/2017/CVE-2017-6098.md

CVE-2017-6098

Description

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.

POC

Reference

• https://wpvulndb.com/vulnerabilities/8740
• https://wpvulndb.com/vulnerabilities/8740
• https://www.exploit-db.com/exploits/41438/
• https://www.exploit-db.com/exploits/41438/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/El-Palomo/SYMFONOS
• https://github.com/vshaliii/Symfonos1-Vulnhub-walkthrough