CVEs-PoC/2023/CVE-2023-2761.md at 8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-13 05:54:46 +02:00

Files

T

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.

POC

Reference

https://wpscan.com/vulnerability/8c82d317-f9f9-4e25-a7f1-43edb77e8aba

Github

https://github.com/fkie-cad/nvd-json-data-feeds

805 B Raw Blame History

CVE-2023-2761

Description

POC

Reference

Github

805 B

Raw Blame History