RSS   Podatności dla 'Infinitewp admin panel'   RSS

2015-01-05
 
CVE-2014-9521

CWE-94
 

 
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.

 
 
CVE-2014-9520

CWE-89
 

 
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.

 
 
CVE-2014-9519

CWE-89
 

 
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top