Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2017-6095

Description

A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.

POC

Reference

- https://wpvulndb.com/vulnerabilities/8740

- https://www.exploit-db.com/exploits/41438/

Github

- https://github.com/20142995/nuclei-templates

- https://github.com/El-Palomo/SYMFONOS

- https://github.com/VTFoundation/vulnerablewp

- https://github.com/vshaliii/Symfonos1-Vulnhub-walkthrough

- https://github.com/waleedzafar68/vulnerablewp