cve/CVE-2017-16510.md at 9ac4b787af2fa0b7575b28040edee6199ce9a667

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.

POC

Reference

https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Afetter618/WordPress-PenTest
https://github.com/CeCe2018/Codepath
https://github.com/CeCe2018/Codepath-Week-7-Alternative-Assignment-Essay
https://github.com/Tanvi20/Week-7-Alternative-Assignment-wp-cve
https://github.com/harrystaley/CSCI4349_Week9_Honeypot
https://github.com/harrystaley/TAMUSA_CSCI4349_Week9_Honeypot

1.1 KiB Raw Blame History

CVE-2017-16510

Description

POC

Reference

Github

1.1 KiB

Raw Blame History